Posted: Thu Feb 11, 2010 1:45 Post subject: Japanese WZR-HP-G300N will not install dd-wrt.
I'm starting a new thread here specifically for this problem, in the hope that a solution can be found...
In another thread there are 2 people currently trying to install dd-wrt on our Japanese model WZR-HP-G300N.
Currently, it will not install, because u-boot on these devices checks on whether the firmware image being tftp'ed to them is a Japanese version or not.
I quote from the other thread:
Quote:
@psyphah: i think you are right, i try update new firmware 1.71-eu and here the infos by serial:
there are check_specification Uboot and firmware, that why firmware dd-wrt can't flash.
Do you kwon which is the specification of firmware? it can change to flash?
Sorry for my bad englsih.
Now, following from that I used a hex editor and searched for any suspect strings in the Japanese buffalo firmware images:
Quote:
@yaiba
You're English is better than my Japanese Wink
Ths is very interesting - it seems u-boot on the Japanese models IS in fact checking that the firmware is for Japanese models or not. I wish I knew how to get a serial port up and running.
I had a look at the Japanese firmware image (wzrhpg300nh-172) with a hex editor and found this sequence of bytes at offset 0x50:
Code:
4D 5F 00 00 00 01 00 00 6A 70
Which in ASCII looks like:
Code:
M_......jp
Now for me that's too much of a coincidence to be anything other than a code which the Japanese u-boot checks for.
So. So far I have checked an older version of the buffalo firmware and also found the same string sequence at the same offset 0x50.
It appears that the Japanese buffalo "team" have altered u-boot to specifically check for this string.
The excerpts from yaiba"s serial console output are the most relevent;
This was when he tried to upgrade using the EU version of the buffalo firmware.
And of course it performs the upgrade becuase the Japanese firmare string matches "M_00000001".
Ok and now on to my question(s);
1) Any dd-wrt developers reading this thread?
2) If so, how can your dd-wrt image be altered or adjusted so that I can finally get dd-wrt installed on this device?
3) Anyone else useful have any ideas? ;)
Have you tried hex editing the binary and changing the value yourself? Even if it doesn't work, it shouldn't effect the boot loader and so you could always revert.
EDIT:
That being said I have NO IDEA whether or not this value has a standard location. For all I know changing that string could brick your router. I think the odds of that happening are very low since the firmware should leave the bootloader alone, but I just wanted to be clear.
Joined: 06 Jun 2006 Posts: 7492 Location: Dresden, Germany
Posted: Fri Feb 12, 2010 3:05 Post subject:
you cannot install the firmware with webinterface. buffalo uses encrypted webflashs only. the only way is a special trick with tftp on buffalos uboot bootloader. it listens for external tftp uploads at some point and this is where you can use the tftp firmware format i provide. everything else is useless. unfortunatly i cannot provide the flashing trick right now since buffalo has not given us the permission to publish it. but to help you out to find it by yourself.
arp –s 192.168.11.1 xx-xx-xx-xx-xx-xx && tftp –i 192.168.11.1 put sample_fw.img
is the script you need for updating
just try to find out the correct mac address you need to fill in into the arp command. its not hard if you read the uboot serial log
this tftp command must be executed while the uboot is running or lets say. the first few seconds after you powered on the device. the timing here is critical too. its a certain point and the timeslot is also just 2 seconds where you have todo this
use the wzrg300nh-firmware.tftp file for this
but one big fat warning. there is no way back to the original firmware and dd-wrt is still under development for this device. so do not play if you think you would go into any risc. i have this device here locally running and i'm using it as my main ap, but i dont know if all works well for you
i will publish the full flashing instructions and hopefully also a web flashable image when its done. _________________ "So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
...there is no way back to the original firmware and dd-wrt is still under development for this device. so do not play if you think you would go into any risc. i have this device here locally running and i'm using it as my main ap, but i dont know if all works well for you
i will publish the full flashing instructions and hopefully also a web flashable image when its done.
Thanks for the information.
I wonder whether it is possible to go back to original firmware if installing dd-wrt with webinterface.
Thanks for your reply, but, it's the tftp method I've been using all along :)
As I stated in my original post, u-boot on the Japanese models is checking specifically that the firmawre image has a byte-string which says "this is Japanese firmware".
It doesn't matter how many times I attempt to use the .tftp image. The Japanese model I have will not use the .tftp image after it has been transferred. The tftp transfer takes place with no errors but some seconds after transfer is complete the unit boots into the stock buffalo firmware :)
Once again - the Japanese manufacturers appear to have altered u-boot on the Japanese model WZR-HP-G300N's to verify that the firmware image being transferred has a byte string as indicated in my initial post. The serial port output in my first post is from another user also located in Japan who linked up a serial console to his WZR and monitored the output whilst transferring the firmware image - now, on saying that it kinda looks like he was using the web interface in his case. But in my case I've been using tftp all along :)
but one big fat warning. there is no way back to the original firmware and dd-wrt is still under development for this device. so do not play if you think you would go into any risc. i have this device here locally running and i'm using it as my main ap, but i dont know if all works well for you
I don't know if Brainslayer refers to only the Japanese version but on my European model I have been able to flash from stock firmware to DD-wrt and back again with no problem using the tftp method under linux.
Joined: 06 Jun 2006 Posts: 7492 Location: Dresden, Germany
Posted: Fri Feb 12, 2010 14:34 Post subject:
psyphah wrote:
Brainslayer, hi.
Thanks for your reply, but, it's the tftp method I've been using all along :)
As I stated in my original post, u-boot on the Japanese models is checking specifically that the firmawre image has a byte-string which says "this is Japanese firmware".
It doesn't matter how many times I attempt to use the .tftp image. The Japanese model I have will not use the .tftp image after it has been transferred. The tftp transfer takes place with no errors but some seconds after transfer is complete the unit boots into the stock buffalo firmware :)
Once again - the Japanese manufacturers appear to have altered u-boot on the Japanese model WZR-HP-G300N's to verify that the firmware image being transferred has a byte string as indicated in my initial post. The serial port output in my first post is from another user also located in Japan who linked up a serial console to his WZR and monitored the output whilst transferring the firmware image - now, on saying that it kinda looks like he was using the web interface in his case. But in my case I've been using tftp all along :)
Regards.
but your serial is no uboot log. its taken from the already bootet buffalo firmware. so this is not valid. the tftp method works only from uboot and you should post the uboot serial log if you have problems with flashing it with tftp. so please do it in the correct way and if it fails, post the serial log and error log from uboot. this log here is not from uboot _________________ "So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
you cannot install the firmware with webinterface. buffalo uses encrypted webflashs only. the only way is a special trick with tftp on buffalos uboot bootloader. it listens for external tftp uploads at some point and this is where you can use the tftp firmware format i provide. everything else is useless. unfortunatly i cannot provide the flashing trick right now since buffalo has not given us the permission to publish it. but to help you out to find it by yourself.
arp –s 192.168.11.1 xx-xx-xx-xx-xx-xx && tftp –i 192.168.11.1 put sample_fw.img
is the script you need for updating
just try to find out the correct mac address you need to fill in into the arp command. its not hard if you read the uboot serial log
this tftp command must be executed while the uboot is running or lets say. the first few seconds after you powered on the device. the timing here is critical too. its a certain point and the timeslot is also just 2 seconds where you have todo this
use the wzrg300nh-firmware.tftp file for this
but one big fat warning. there is no way back to the original firmware and dd-wrt is still under development for this device. so do not play if you think you would go into any risc. i have this device here locally running and i'm using it as my main ap, but i dont know if all works well for you
i will publish the full flashing instructions and hopefully also a web flashable image when its done.
Just thought I'd point out that while it may have been the case in the past, currently you can revert to buffalo firmware using tftp with the latest buffalo .enc file. I wasn't the first to do this, but I have confirmed it.
but your serial is no uboot log. its taken from the already bootet buffalo firmware. so this is not valid. the tftp method works only from uboot and you should post the uboot serial log if you have problems with flashing it with tftp.
Hi. If you read what I posted again, you will see that I already know the serial output was from the already booted buffalo firmware.
Quote:
so please do it in the correct way and if it fails, post the serial log and error log from uboot. this log here is not from uboot
Again if you read what I wrote you will see that I already am doing it via tftp :)
I have no serial interface wired to this unit - I don't know how. The serial output was from another user.
The tftp transfer is completing 100% of the times I try.
Even though the serial output is from the web upgrade, I think that the following output from that
If I can get a serial port up and running on the unit then I will - I need a pointer to how to do it on that router.
I also just got this router of Japanese version and I have the same problem. Unfortunately I did not do enough investigation before I purchased it, I only checked the DD-WRT router compatability list where it says that this router can be used with DD-WRT. I did not think that it could be a problem for only Japanese models.
Anyway, Im also happy to help out in any way possible to get DD-WRT running on this router. Perhaps collecting information or running some tests.
Perhaps this can be useful in some way... I downloaded a lot of different versions FW.
US 1.65
EU 1.65
Singapore 1.65
JP 1.60
JP 1.65
JP 1.70
JP 1.72
The three first files are identical. I downloaded them from three different places but I guess Buffalo use the same FW for these locations.
I used a hex editor to compare the JP FW with the non-JP FW. See the screen shots that I attached. Im no expert in this but from what I can see there is a clear pattern in the JP FW and it is very different compared to the non-JP FW.
Joined: 06 Jun 2006 Posts: 7492 Location: Dresden, Germany
Posted: Mon Feb 15, 2010 5:58 Post subject:
i got some information from buffalo HQ in japan. TFTP is disabled in all japanese models within the bootloader due local regulatory laws in japan. its not allowed to installed alternate firmwares on wireless devices in japan, since this might be in conflict with the original conformance tests. so my question. where did you buy these devices? please tell me the store / country if it wasnt in japan directly.
in addition. the final version (comming soon) of dd-wrt will be web flashable for these devices. but i cannot guarantee if i'm allowed to provide these images for japanese models too. still negotiating the details with buffalo _________________ "So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
i got some information from buffalo HQ in japan. TFTP is disabled in all japanese models within the bootloader due local regulatory laws in japan. its not allowed to installed alternate firmwares on wireless devices in japan, since this might be in conflict with the original conformance tests. so my question. where did you buy these devices? please tell me the store / country if it wasnt in japan directly.
in addition. the final version (comming soon) of dd-wrt will be web flashable for these devices. but i cannot guarantee if i'm allowed to provide these images for japanese models too. still negotiating the details with buffalo
I bought mine in Japan - where I live. The store is a local PC shop there and I can tell you now that tftp is not disabled because the tftp process does occur - unless what they are meaning is that a tftp transfer does happen but is ignored. I don't know where danne99se bought his. I do know that the other user called yaiba lives in Japan.
I'll be pretty pissed off with Bufallo Japan if they are saying I cannot do what I want with hardware I have bought and own.
Joined: 06 Jun 2006 Posts: 7492 Location: Dresden, Germany
Posted: Mon Feb 15, 2010 7:51 Post subject:
nobody yet provided me a tftp process serial log from the uboot. all what i have seen is a log which was done from the firmare itself. the whole thread is just filled up with linux logs. i have a older WZR G300NH here which might be the japanese model and this one has no tftp feature enabled within the bootloader. the firmware itself will only accept encrypted images unlike the uboot bootloader on european models. so please provide a uboot log which a tftp transfer try or just a plain uboot log. _________________ "So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
:MEMORY CHECK...
