Linksys E4200 Serial/JTAG Port Guide

benryanau
DD-WRT Novice


Joined: 17 Dec 2008
Posts: 32
Location: AU

Posted: Mon Jun 18, 2012 21:18    Post subject: Linksys E4200 Serial/JTAG Port Guide
E4200 - The Serial/JTAG Reference Thread

Before now there's been no real info around on adding console and JTAG to the E4200. Certainly no HOWTO like for other models.
Given the "experimental" nature of these models, particularly the NVRAM issue, RS-232 console and JTAG are almost a must-have.
JTAG allows unbricking in almost all cases.
This thread is an attempt to write a modder's guide for the E4200, focusing on JTAG/serial support.

OUTSTANDING QUESTIONS

  • Is there TJTAG support for this platform?
    (Tornado is the man for this)
  • What is the pinout of the JTAG header?
  • Is a pullup resistor (100-300R) required between Vcc and tRST to enable JTAG?


I'd like to be able to stick this up on the wiki but it seems adding to the wiki is off-limits to anyone now. Which defeats the idea of a wiki.. (sigh) anyways I'm not going to poke that tiger again.

I'll edit as information comes to hand, please pm or post if you have anything that might help.


==
{Watch the casing, it's a real pr*ck}

1)a) Four base screws
Simple enough, four small phillips head screws.
Don't lose 'em, yeah?

1)b) The Warranty Label
First, use a bit of light solvent (electrosolve, brake cleaner etc) on the warranty label top rear near Gig0/0 to gently roll one side off, so it will stick on again when you're done. Hey if you can keep the warranty, why not?


1)b) Loosening The Middle Strip
The middle strip running across the top has to come off. The strip has hooks poking towards the outside so lever a spudger to arch the strip up in its middle. Run along progressively till you hit the end but DON'T remove it yet!

1)c) Detaching The Middle Strip
The middle strip has an end retaining clip that breaks real easy. Don't angle the strip away, use a tool to separate the end of the strip from its housing recess (where the hook is).

2)a) Notes on these casings
The lid has retaining 'rings' all round that hook over and onto plastic hooks moulded into the base.
So angle your spudger so it's pushing the top/lid into the centre, while peeling the base section out and away from the lid. Pic's worth a thousand here.. You'll have to push the plastic in on the base half where its hooks are as you go, to avoid snapping off the retaining clips on the top.

2)b) Removing The Lid
START AT THE BACK, THEN FRONT, then sides.
Anyways assuming it's open..

The Following Steps Are Still Under Construction

3) Locate the serial header
The serial header appears to be present but unpopulated. There's a set of through holes for a standard 2.54mm pitch 5-pin inline header, marked J82. The pinout needs to be confirmed.
UPDATE: For pinout see Ref1.

4) Install the serial header pins

5) Locate the JTAG Header
JTAG is available via another unpopulated block, double row 12 pins labelled JB3. It's a real bitch, call it a "micro JTAG" header. It's tiny, both in pin size and pitch. My calipers say 1mm spacing, 0.5-0.75mm pin diameter. The JST-SH line of connector may fit it, they're 1.25mm.
Update: Forum member jrscs says this is 1.27mm pitch, Mouser stocks it (Ref2)

6) Install JTAG header pins
In the absence of proper sized header pins and socket, cut 7 x 10mm pieces of appropriate gauge copper wire (should be a snug fit in the holes).
Put a 45* bend in each about halfway down.

To make sure the solder flows and sticks smooth and quick, polish the coppery PCB pads on the header with a pencil eraser thoroughly, top and bottom. Finish with a solvent like alcohol or acetone to remove any oils.

You'll need a good fine-tipped soldering iron (and fine solder) for this job.

Pre-tin the tips of all 7 pins (lightly!) and solder them into the board, with the angled heads laid out in a splayed "fan-out" arrangement.
Use your head here, they should be angled so they're easy to connect to without risking any shorts.

7) Connect your JTAG Adapter to the header
Squeeze the tips of the PCB pins with some pliers to flatten them out a bit. This should make them a snug fit into a normal Dupont/2.54mm female socket.
So here, normal female-to-male jumpers can be used to hook the signals into your JTAG adapter's IDC connector. A bit of Blu-Tack (or whatever adhesive putty is called where you are) or tape should be used to secure both the jumpers and the adaptor ribbon to the PCB just for safety.


RF Notes
The RF front ends are the usual SkyWay SiGe family. Unfortunately their max TX power is rather limited.. something's a bit funny here 'cause the 5GHz section specs dual-band RF components (perhaps the 11G section shares with 11A???)

802.11b - 22dBm
802.11g - 18dBm
802.11a - 16dBm

The shielded area at front right contains the 802.11a/5Ghz RF finals (SiGe SE2594L's), the front left has the 2.4Ghz (SiGe 2528L) 2xMIMO section (I think one chain is diversity-enabled).
Note the bastards fitted U.FL's to the 5Ghz section but soldered the 2.4 antenna pigtails direct.. grr. and you can see the pads for the u.FL further back along the trace.

If you want to add external antennas, add the 2.4 Ghz to the pads closest to the switch ports (eg "ANT2G0") - unsolder the existing, don't be tempted to use the u.FL pads cause there's no ESD protection that far back.
For 5Ghz, it's plug n play though I'd go for far front right "J12" just to try and grab the first chain.

Ref1: E4200 Serial Pinout
[img]https://skydrive.live.com/embed?cid=E55F3F5F75B5A7BB&resid=E55F3F5F75B5A7BB%211175&authkey=AFrpLcwuUQwP4RQ[/img]

Ref2: JTAG pin header for the e4200 at Mouser (www.mouser.com). It is 1.27 mm row spacing and manufacturing part number 20021111-00012T4LF.
Samtec also makes them, header is FTSH series.

Ref3: JB3 PCB JTAG Area Image
[img]https://skydrive.live.com/embed?cid=E55F3F5F75B5A7BB&resid=E55F3F5F75B5A7BB%211177&authkey=AB4MfBI_Da3oM9w[/img]

PROGRESS NOTES:
JTAG Pinout
As the pinout is still unconfirmed I wire-wrapped 12 lengths of Kynar onto the cobbled-up pins and terminated them into some perfboard, setup as a fully reconfigurable 12-pin 2.54mm breakout board.
From here I can logic-analyse, measure volts and resistances to earth for each pin. Once I've some idea of what may be what I can jumper to the JTAG adapter all the likely combinations, and hopefully nail the proper pinout.

Serial Connection
While trying to confirm the serial pinout I might have cooked the CPU's UART.. I can't get anything from the TX/RX pins, not even on the 'scope. I got a bit of a tingle from the router when I was working on it powered up so I checked its ground against mains earth.
Seems the plugpack I was using was very 'leaky', meaning the DC output was sitting 75v AC above earth.
I'm worried the AC has grounded out via the desktop PC through the data pins of the router serial port. That'd probably pop the UART driver.
And I can't find another v1.0 E4200

*UPDATED: Added serial pinout, JTAG connector info



[Attachment: E4200 JTAG Block Pic (web).jpg - Closeup of unpopulated JTAG header PCB]

[Attachment: E4200 Serial Pinout.jpg - Serial Pin Signal Assignments]


_________________
========================
<<CURRENTLY WORKING ON>>
-Netgear WNR3500Lv1 w/DD-WRT v24-sp2 (03/19/12) big - build 18777
-Buffalo WBR-G54 w/DD-WRT v24_pre_sp2 (08/07/10) std - build 14896
benryanau
DD-WRT Novice


Joined: 17 Dec 2008
Posts: 32
Location: AU

Posted: Sun Dec 02, 2012 12:57
Updated with serial pinout, more JTAG info and pics.

If anyone can provide ANY further info it would be most appreciated!

leshan
DD-WRT Novice


Joined: 12 Sep 2007
Posts: 13

Posted: Sun Apr 07, 2013 0:35
Anyone had success? I believe the E4200 has the common Linksys Jtag pinout.
http://www.tiaowiki.com/w/Universal_JTAG_User_Manual_%28Parallel%29

http://www.tiaowiki.com/forums/index.php/topic,4093.0.html

benryanau wrote:
Updated with serial pinout, more JTAG info and pics.

If anyone can provide ANY further info it would be most appreciated!
jakob
DD-WRT Novice


Joined: 24 Dec 2013
Posts: 7

Posted: Fri Dec 27, 2013 16:22
Hi everybody!

I have a soft bricked e4200 v1 and long story short it was my fault flashing dd-wrt.v24-23138_NEWD-2_K2.6_big-nv60k.bin after successfully flashing a mini build.

After reading a lot and trying a lot this is what I know:
I get 4 to 5 ttl=100 ping replies after powering up, so it is possible to send a file with tftp (tried both on windows and linux - binary mode!) but it does not get accepted.
So - next step is a serial flash, so I hooked up my e4200 to my raspberry pi using an old serial cable I had lying around.

I used the jtag layout suggested by benryanau and directly soldered them on the e4200 pcb.

This is the other end. TX is connected to RX on the pi and vice versa.


I prepared my pi (using wheezy-raspbian) to use minicom to connect according to that document:
https://github.com/lurch/rpi-serial-console

reboot and put to listen with
Code:
sudo minicom -b 115200 -o -D /dev/ttyAMA0


and after everything is set up (I connected my router to a second nic with fixed ip 192.168.1.8 subnet 255.255.255.0) I powered that e4200 on.

I still get ttl=100 ping replies after powering up, but minicom does not show anything.
What is the missing part in here? Do we need to connect 3.3 Vcc? Second GND? I am far above my level here and hope you guys can help me out.
LOM
DD-WRT Guru


Joined: 28 Dec 2008
Posts: 7632

Posted: Fri Dec 27, 2013 17:17
jtag and serial are two different things, you have connected your serial adapter to the jtag port and not to the serial port.
The serial port is the 5 hole area on the right side of the pcb (near the back of the router).

_________________
Kernel panic: Aiee, killing interrupt handler!
jakob
DD-WRT Novice


Joined: 24 Dec 2013
Posts: 7

Posted: Fri Dec 27, 2013 18:15
Thanks for your quick reply LOM!
I was able to connect with the right serial port (near the back/on of the five antennas) proceeding with the same setup!
Stock fw is up and I am currently working on putting a proper dd-wrt version on it, this time it will be dd-wrt.v24-23040_NEWD-2_K2.6_mega-e4200.bin

Thanks a lot!!
jakob
DD-WRT Novice


Joined: 24 Dec 2013
Posts: 7

Posted: Fri Jan 03, 2014 16:45
Since I just took a picture for FWRoo I thought I'd share this for everybody else too


These are the ports that worked to get me into CFE boot using a serial connection.
MichiW
DD-WRT Novice


Joined: 03 Jan 2014
Posts: 2
Location: Germany - Bochum

Posted: Fri Jan 03, 2014 16:48
jakob wrote:
Thanks for your quick reply LOM!
I was able to connect with the right serial port (near the back/on of the five antennas) proceeding with the same setup!
Stock fw is up and I am currently working on putting a proper dd-wrt version on it, this time it will be dd-wrt.v24-23040_NEWD-2_K2.6_mega-e4200.bin

Thanks a lot!!


Hey jakob,

could you please explain in more detail how you unbricked your E4200?
I just bricked mine on January 1st so it was a not so nice start of 2014 to me...

I followed each step in the flash how-to (http://www.dd-wrt.com/wiki/index.php/Linksys_E4200) except that i used the newest brainslayer firmware (ftp://ftp.dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/2013/12-24-2013-r23204/broadcom_K26/dd-wrt.v24-23204_NEWD-2_K2.6_mini-e4200.bin). After starting the flash process the device made a restart and that's it.
After power on the device replies to 4 or 5 pings and the tftp-server is accessible for a moment. But all attempts to flash the device that way failed.

I was happy to find this post and the positive outcome by using a Raspberry Pi! I also have one as well as some 3.3V USB/UART-converters...
After using DD-WRT for so many years and flashing so many devices this was the first time it ended up with a paperweight...
So i look forward to unbrick my E4200, too!

Cheers!
Michael
jakob
DD-WRT Novice


Joined: 24 Dec 2013
Posts: 7

Posted: Fri Jan 03, 2014 17:01
Well, just connect it up like I did and prepare your pi to use that connection (that one github link I posted..) - install minicom and start listening to that connection with the following command
Code:
sudo minicom -b 115200 -o -D /dev/ttyAMA0


Make sure you have your router connected to another pc or another nic that you manually configure to use 192.168.1.8 subnet 255.255.255.0 and prepare tftp with stock firmware!
Power it up, as soon as you see output in minicom hit ^C until it stops booting and drops you to a shell.

First execute
Code:
nvram erase

then prepare it to accept stock firmware with
Code:
flash -ctheader : flash1.trx

as soon as you executed that send stock firmware with tftp!
you will see it loading up, and when you get a prompt again just enter
Code:
go

wait a few minutes (you can watch output on your serial console) and you are back on stock firmware.

This is pretty much covered http://www.dd-wrt.com/wiki/index.php/Serial_Recovery
and I got the idea to use my raspberry from http://appventures.tweakblogs.net/blog/8736/unbricking-your-router-with-a-raspberry-pi.html
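
Added example, not part of jakob's post or the DD-WRT wiki: a host-side helper for the TFTP step above that waits for the ttl=100 ping replies reported in this thread before pushing the image in binary mode. The router address 192.168.1.1, the Linux `ping` options and the tftp-hpa client syntax are assumptions; the thread gives only the host address 192.168.1.8.

```shell
#!/bin/sh
# Added example (not from the thread): host-side helper for the TFTP step.
# Assumptions: Linux iputils ping, tftp-hpa client, router answering at
# 192.168.1.1 while the bootloader is up (the thread gives only the host IP).
ROUTER_IP="${ROUTER_IP:-192.168.1.1}"
BOOT_TTL=100   # the thread reports ttl=100 replies right after power-up

# Print the TTL found in one ping reply line; print nothing if there is none.
reply_ttl() {
    printf '%s\n' "$1" | sed -n 's/.*[Tt][Tt][Ll]=\([0-9][0-9]*\).*/\1/p'
}

# Succeed only for a reply that carries the bootloader TTL.
is_bootloader_reply() {
    [ "$(reply_ttl "$1")" = "$BOOT_TTL" ]
}

# Count bootloader replies in a saved ping capture read from stdin.
count_bootloader_replies() {
    n=0
    while IFS= read -r line; do
        if is_bootloader_reply "$line"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Probe until a ttl=100 reply arrives or the tries run out.
wait_for_bootloader() {
    tries="${1:-60}"
    while [ "$tries" -gt 0 ]; do
        out=$(ping -c 1 -W 1 "$ROUTER_IP" 2>/dev/null | grep -i 'ttl=' || true)
        if is_bootloader_reply "$out"; then return 0; fi
        tries=$((tries - 1))
    done
    return 1
}

# Usage: sh cfe_push.sh stock_firmware.bin   (hypothetical script/file names)
main() {
    fw="$1"
    [ -s "$fw" ] || { echo "image missing or empty: $fw" >&2; return 2; }
    wait_for_bootloader 60 || { echo "no ttl=$BOOT_TTL reply" >&2; return 1; }
    # Binary (octet) mode, as the thread stresses; netascii corrupts images.
    tftp -m binary "$ROUTER_IP" -c put "$fw"
}

if [ "$#" -ge 1 ]; then main "$@"; fi
```

A reply with any other TTL means something other than the bootloader is answering, so the helper keeps waiting instead of sending the image.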
MichiW
DD-WRT Novice


Joined: 03 Jan 2014
Posts: 2
Location: Germany - Bochum

Posted: Fri Jan 03, 2014 17:38
jakob wrote:
Well, just connect it up like I did and prepare your pi to use that connection (that one github link I posted..) - install minicom and start listening to that connection with the following command
Code:
sudo minicom -b 115200 -o -D /dev/ttyAMA0


Make sure you have your router connected to another pc or another nic that you manually configure to use 192.168.1.8 subnet 255.255.255.0 and prepare tftp with stock firmware!
Power it up, as soon as you see output in minicom hit ^C until it stops booting and drops you to a shell.

First execute
Code:
nvram erase

then prepare it to accept stock firmware with
Code:
flash -ctheader : flash1.trx

as soon as you executed that send stock firmware with tftp!
you will see it loading up, and when you get a prompt again just enter
Code:
go

wait a few minutes (you can watch output on your serial console) and you are back on stock firmware.

This is pretty much covered http://www.dd-wrt.com/wiki/index.php/Serial_Recovery
and I got the idea to use my raspberry from http://appventures.tweakblogs.net/blog/8736/unbricking-your-router-with-a-raspberry-pi.html


Thank you for this explanation!

Unfortunately i can't connect my Raspi and try it because my soldering iron got broken! So i have to wait up until monday/tuesday to solder it at work.
2014 seems to be star-crossed...

Anyway, thank you jakob!

Cheers!
Michael
pious_greek
DD-WRT Novice


Joined: 04 Jan 2014
Posts: 2

Posted: Sat Jan 04, 2014 21:19    Post subject: successful debrick using arduino as serial interface
I can confirm the above method works with an arduino uno R3 as well. I successfully unbricked my e4200 after bricking it with the latest n60k build.

i put the arduino into tri-state mode by connecting the arduino Reset and Ground pins, this essentially disables or bypasses the atmega 328 chip so you are using the arduino's on-board usb to ttl converter.

I then connected the arduino to the linksys e4200:
ground to ground
linksys tx to arduino tx pin via 1k ohm resistor
linksys rx to arduino rx pin via 1k ohm resistor

the 1k ohm resistors are probably important here.

i realize normally you would want to connect rx to tx and vice versa, but for some reason this is not the case here. i'm not sure why it would be opposite with the arduino in tri state mode.

anyhow, flashed the stock firmware using tftp (from ubuntu terminal) while using the minicom and arduino as a serial communicator.

thank you for the help
johnnyNobody999
DD-WRT User


Joined: 10 Jan 2014
Posts: 444

Posted: Sun Jan 26, 2014 2:14
I tried to use the serial port to unbrick my E4200V1 also with no luck.

Setup:

minicom on Ubuntu
minicom bit rate set to 115k
ttyUSB0 (PL2303 serial port)
used a DB9F and cable to connect to the E4200 pinouts shown in this thread
even tried reversing TXD and RXD connections

nothing shows up on the screen.

So, I looped back the cable after disconnecting from the E4200 and got a character echo so I know my setup is good. I doubt that I'm going to spend the money to try to recover the router with a jtag cable. But, you never know.
LOM
DD-WRT Guru


Joined: 28 Dec 2008
Posts: 7632

Posted: Sun Jan 26, 2014 8:28
johnnyNobody999 wrote:

used a DB9F and cable to connect to the E4200 pinouts


Any usb-serial cable that has a DB9 connector is RS-232 +-12V and not 3.3/5V TTL level.
I must have written that more than 100 times over the years here..

Gameman Advanced Kid
DD-WRT Guru


Joined: 18 Nov 2012
Posts: 1020

Posted: Sun Jan 26, 2014 14:33
johnnyNobody999 wrote:
I tried to use the serial port to unbrick my E4200V1 also with no luck.

Setup:

minicom on Ubuntu
minicom bit rate set to 115k
ttyUSB0 (PL2303 serial port)
used a DB9F and cable to connect to the E4200 pinouts shown in this thread
even tried reversing TXD and RXD connections

nothing shows up on the screen.

So, I looped back the cable after disconnecting from the E4200 and got a character echo so I know my setup is good. I doubt that I'm going to spend the money to try to recover the router with a jtag cable. But, you never know.


buy this usb serial ttl adapter

and in case those cables are not long enough for you, buy this usb extension cable

that way, you can plug the usb ttl into the extension so it will be closer to your router in whatever desk or environment you're in.

make sense?

_________________
For people who are new to the dd-wrt forums >> http://www.catb.org/~esr/faqs/smart-questions.html#rtfm

barryware wrote:
It takes a "community" to raise a router..


Internet Connection 1
Gateway Router > WRT1900ACv1

Internet connection 2
NAS-AP > WRT32x

DD-WRT non-official LIVE element/matrix chat

https://matrix.to/#/#dd-wrt_non_official:matrix.org
NeoNapster
DD-WRT Novice


Joined: 23 Aug 2006
Posts: 15

Posted: Tue Feb 04, 2014 21:08    Post subject: E4200 V1 Softbricked!
I have a USB serial working connected, I can see the output and even hit Ctrl C quick enough to get to a prompt but this is where things go wrong,

CFE> nvram erase

but when I hit enter nothing happens, it's as if the enter key does not work, the text remains as it is, no commands work at all and I don't get back to a prompt.

any ideas?

Many Thanks.