Joined: 04 Jan 2007 Posts: 11563 Location: Wherever the wind blows- North America
Posted: Mon Jul 13, 2009 22:44 Post subject: WRT310N recovery.
Hi all,
I received a bricked WRT310N today. (To the user who sent me this unit...Brian M., please send me a PM...I accidentally deleted our previous communication and I can't remember your username...thanx)
This unit had a corrupt kernel but wouldn't allow the unit to boot, or load a tftp build of FW.
I installed Serial and JTAG headers so I could see what was happening with the unit.
The unit was not allowing tftp of any .bin
Flash chip is K8P3215UQB and BCM4705 processor (4785)
TJTAG would recognize the CPU chip...but not the flash memory chip. After a quick search...I found that others have had good luck using the /fc:19 switch with TJTAG for another Samsung 2M X16 chip.
Then I tried to tftp the FW back on the unit (12476_mini.bin)...but I got the "Incorrect Header" message displayed in the Serial terminal, that indicated the CFE for this unit was looking for a header that started with "310N"
So...I created a mini build of FW with the proper header for the 310N unit. (also attached)
[EDIT] - I just found out that BrainSlayer builds have been created (at least since March) with the 310N specific header....The build I posted below is the Eko build 12476 NEWD mini that I inserted the header into.....so if you want an "official" Developer created file you can get them from BrianSlayer's directory....otherwise, feel free to use the one I posted below.
Once this build was loaded, the unit rebooted and functioned properly.
I now have a working WRT310N 4M/32M unit for testing dd-wrt.
Note the JTAG header was bent 90 degrees facing down and an access hole was cut in the case. The Serial is also bent 90 degrees so the contacts remain on the top of the mobo and can be accessed from the top of the mobo...contacts are on the underside of the mobo.
redhawk
DSCN0410.jpg
Description:
WRT310N
Filesize:
501.27 KB
Viewed:
35312 Time(s)
DSCN0417.jpg
Description:
JTAG access from bottom of case.
Filesize:
504.37 KB
Viewed:
35312 Time(s)
dd-wrt.v24_mini_wrt310N.bin
Description:
Mini FW with 310N header for initial load with only CFE....not need to upgrade FW to FW
Joined: 01 May 2009 Posts: 274 Location: San Jose, Ca
Posted: Mon Jul 13, 2009 22:54 Post subject:
great work! hey try flashing the 310N with the NEWD-2 builds i want to try it but i dont have a jtag cable in case it bricks _________________ E3000 K2.6 Eko 16758 Mega
E3000 CB K2.6 EKO 16758 STD USB NAS
WRT610N V2 CB K2.6 Eko15337 STD Nokaid
WRT310N V2 CB K2.6 BS 15362 STD Nokaid
Joined: 01 May 2009 Posts: 274 Location: San Jose, Ca
Posted: Mon Jul 13, 2009 23:00 Post subject:
yeah as soon as i posted this one i looked over in the other thread and saw that post lol but thanks man! im going to upload the mini build on mine! _________________ E3000 K2.6 Eko 16758 Mega
E3000 CB K2.6 EKO 16758 STD USB NAS
WRT610N V2 CB K2.6 Eko15337 STD Nokaid
WRT310N V2 CB K2.6 BS 15362 STD Nokaid
I found the K8P3215UQB datasheet for the flash chip. I have sent it to Tornado for future JTAG support.
But...until then.../fc:19 with TJTAG3 is working to communicate with the device.
redhawk
guys, my brick router (WRT310N) need to recover, I just tried JTAG3 with jtag -erase:kernel /fc:19 /noreset and success twice, then tried with: jtag -erase:nvram /fc:19 /noreset and success also.
but the Power LED flashes and when I'm trying to ping to default IP 192.168.1.1 no respond. WIFI LED is lit. am I doing someting wrong or I'm missed step? and what is the meaning of 30/30/30.. thank you and apologize for my English..
I found the K8P3215UQB datasheet for the flash chip. I have sent it to Tornado for future JTAG support.
But...until then.../fc:19 with TJTAG3 is working to communicate with the device.
redhawk
guys, my brick router (WRT310N) need to recover, I just tried JTAG3 with jtag -erase:kernel /fc:19 /noreset and success twice, then tried with: jtag -erase:nvram /fc:19 /noreset and success also.
but the Power LED flashes and when I'm trying to ping to default IP 192.168.1.1 no respond. WIFI LED is lit. am I doing someting wrong or I'm missed step? and what is the meaning of 30/30/30.. thank you and apologize for my English..
Do you have a static IP set on your rig? 192.168.1.10, mask 255.255.255.0, gateway 192.168.1.1... _________________ PM for Pin Short Instructions
Joined: 04 Jan 2007 Posts: 11563 Location: Wherever the wind blows- North America
Posted: Thu Jul 30, 2009 13:37 Post subject:
ggunawan wrote:
and what is the meaning of 30/30/30.. thank you and apologize for my English..
You need to read the peacock thread at the top of this forum.
hard reset (30/30/30) is covered...as well as how to flash with tftp.
if you have cleared the kernel and nvram...you MUST reload the unit with firmware for it to work again. follow the tftp instructions (peacock step #11) and use the 310n.bin specific build for the first flash. (provided in the original post of this thread)
redhawk _________________ The only stupid question....is the unasked one.
@HardReset: do you mean my computer IP? I have set fixed to 192.168.1.2,
by the way, I'm trying to backup the CFE,KERNEL by using : jtag -backup:cfe /fc:19 /noreset
but the process show "fffffff fffffff fffffff" for each block, this happen both CFE and Kernel. is that mean that the CFE is blank? how to program it? I never use command jtag -erase:cfe ..
and what is the meaning of 30/30/30.. thank you and apologize for my English..
You need to read the peacock thread at the top of this forum.
hard reset (30/30/30) is covered...as well as how to flash with tftp.
if you have cleared the kernel and nvram...you MUST reload the unit with firmware for it to work again. follow the tftp instructions (peacock step #11) and use the 310n.bin specific build for the first flash. (provided in the original post of this thread)
redhawk
@redhawk: thank you for your quick respond.
let me check the thread first.
@HardReset: do you mean my computer IP? I have set fixed to 192.168.1.2,
by the way, I'm trying to backup the CFE,KERNEL by using : jtag -backup:cfe /fc:19 /noreset
but the process show "fffffff fffffff fffffff" for each block, this happen both CFE and Kernel. is that mean that the CFE is blank? how to program it? I never use command jtag -erase:cfe ..
Yep.. cfe is blank assuming your jtag setup is working.. I wonder how that happened
Sorry about being vague with the static thing.. The first thing to do is ping the router after eraseing nvram & kernel. If the cfe is good, the router will respond. It is common for a user to forget to set a static IP in the rig. I do it all the time (forget).
Except for the flashchip being forced, your jtag setup see's the processor right.
If you cfe backup is all ff's, then you need to flash a cfe 1st. _________________ PM for Pin Short Instructions