@Malachi: from what I have read from other posts erasing nvram and kernel should be just enough for an E4200.
@alins75: could you please post for me a full bootlog and also nvram content?
As I explained in my other thread http://www.dd-wrt.com/phpBB2/viewtopic.php?p=890722 my router was bricked. I used a flash programmer to write CFE and the entire firmware. After posting in my thread and further research I realized my router hangs after executing the command insmod wl which handles the radio drivers. So my router might have a broken radio chip.
BR
Last edited by xebbmw on Wed May 07, 2014 20:54; edited 1 time in total
My E4200 remains bricked after a case of flashing the wrong firmware. Can it be fixed via a serial cable or is a JTAG cable needed? Also, could you post pics of the cables/equipment you used and links to the compatible cables on dx.com?
My E4200 remains bricked after a case of flashing the wrong firmware. Can it be fixed via a serial cable or is a JTAG cable needed? Also, could you post pics of the cables/equipment you used and links to the compatible cables on dx.com?
My E4200 remains bricked after a case of flashing the wrong firmware. Can it be fixed via a serial cable or is a JTAG cable needed? Also, could you post pics of the cables/equipment you used and links to the compatible cables on dx.com?
Many thanks for the pic alins75. As complicated as it is for a non tech guy like me, I was willing to do it just to give a lease of life to my 4200 but the requirement of serial port is a bummer. Is a serial port absolutely essential?
Well, the serial recovery can be done using an USB adapter.
For this jTAG cable you will need a parallel port.
The serial recovery is one thing that I recommend you to try first. In most cases will do.
For me the JTAG recovery is kind of the last resort.
For serial connection(actually trough USB) I used a PL 2303HX USB to TTL adapter. It works just fine with putty or hyperterminal. You can find them on dx.com for 3 or 4 $.
Posted: Fri May 02, 2014 16:32 Post subject: Re: HOWTO - unbrick Linksys E4200 v1 with JTAG
alins75 wrote:
8. reboot the e4200 and perform a serial recovery
- alternatively (worked for me) after reboot start the tftp recovery with tftp.exe using the latest stock firmware: FW_E4200_1.0.05.007_US_20120823_code.bin
Hi,
Alins75: when you are executing tftp.exe the router is stuck at processing when I tried to upload original firmware FW_E4200_1.0.05.007_US_20120823_code.bin. Did you experience the same? I will try to do it again when I have some time.
I tried uploading the firmware using a dd-wrt e4200 mini firmware, in this case the update processing worked fine (the router was not stuck in processing). However after the firmware is loaded and the router restarts some messages were raised as it could not find eth0, eth1, wl0, wl1. I guess it has something to do with nvram variables.
And about tftp.exe, up to now I tried always with the tftp client from WinXP but it looks I was wrong. Did you use tftp.exe or tftp2.exe?
Posted: Thu May 08, 2014 10:16 Post subject: cfe backup is not exactly as original
hi alins75,
i've follow your steps and when i backup the cfe(step6), and open it with an hex editor,the last line is missing in the backup.
i, tried the step 7 and get this outpout in the serial console.
any idea of what causing this problem?
thanks
Hi to all,
i have an e4200 bricked in the same way as yours.
I tried all the steps from 1 to 7 except for that i had to omit /nobreak and /noreset
after all i have the same problem
What i don't understand is why my router reports a cpu speed of 480mhz and yours 133.
I'm open to suggestions. I also tried to do a erase:wholeflash twice
CFE version 2010.09.20.0 based on BBP 1.0.37 for BCM947XX (32bit,SP,LE)
Build Date: Fri Nov 12 11:01:26 CST 2010 (lzh@team2-complier)
Copyright (C) 2000-2008 Broadcom Corporation.
Init Arena
Init Devs.
No DPN
This is a Serial Flash
Boot partition size = 262144(0x40000)
Found an ST compatible serial flash with 256 64KB blocks; total size 16MB
sflash_cfe_probe: flash type ST, nparts 4
sflash_cfe_probe: idx 0, name boot, descr ST Serial flash offset 00000000 size 256KB
sflash_cfe_probe: idx 1, name trx, descr ST Serial flash offset 00040000 size 1KB
sflash_cfe_probe: idx 2, name os, descr ST Serial flash offset 0004001C size 16068KB
sflash_cfe_probe: idx 3, name nvram, descr ST Serial flash offset 00FF1000 size 60KB
sflash_cfe_probe: flash type ST, nparts 3
sflash_cfe_probe: idx 0, name boot, descr ST Serial flash offset 00000000 size 256KB
sflash_cfe_probe: idx 1, name trx, descr ST Serial flash offset 00040000 size 16068KB
sflash_cfe_probe: idx 2, name nvram, descr ST Serial flash offset 00FF1000 size 60KB
sflash_cfe_probe: flash type ST, nparts 0
CPU type 0x19740: 480MHz
Tot mem: 65536 KBytes
board_final_init: commit=0, restore_defaults=0Boot version: v5.2
The boot is CFE
mac_init(): Find mac [C0:C1:C0:F7:17:5F] in location 0
Nothing...
country_init(): Find country code in location 0
The country is same
**Exception 8: EPC=80718DDC, Cause=80008008 (TLBMissRd)
RA=80718DE4, VAddr=0000000C
Posted: Mon Aug 08, 2016 16:10 Post subject: Re: HOWTO - unbrick Linksys E4200 v1 with JTAG
Old thread I know but I got my E4200 un-bricked using Serial yesterday. It is possible !!!
I had the same issue with the looping CFE boots complaining about a bad image1 and bad boot block before that.
What I found is using the CFE CLI to perform the "flash" command on the E4200 just didn't work. It would pull the image over TFTP then reboots and immediately goes into the CFE boot loop (saying the image isn't right and hoping a TFTP server exists for it to attempt to a pull again auto-magically on it's own ...) I tried multiple attempts from various blog entries on handling Serial CFE flash-from-external-file attempts ... even a few from the OpenWRT forums. Nothing worked at the CFI CLI using the CFE "flash" command.
BUT, what did work was running this at the CFE command line (which is on dd-wrt forums):
flash -ctheader : flash1.trx
and then on my Macbook Pro - did up to the "put" command before running the "flash" command above:
tftp 192.168.1.1 <<<- IP address of the E4200 while attached via TTL 232 cable
binary
rexmt 1
timeout 60
tftp> put <correct .bin file> <<<<- had this typed into the my MBP CLI but hadn't hit ENTER yet.
Once executed the "flash" command in CFE, I had enter on the put command ... POOOF ... un-bricked.
So I think I learned this:
1) On the E4200, the CFE flash command for pulling external files from an external TFTP isn't reliable or flat out doesn't work.
2) Setting binary mode on the TFTP command is a requirement !! At least on my MBP it is. The OS X tftp OOTB command isn't a smart TFTP client that auto-magically attempts to detect binary vs ASCII files.
3) For those new to CFE like me, the "flash -ctheader : flash1.trx" command actually enables a rather short lived TFTP *SERVER* service on the E4200 waiting for stuff to be pushed into via an external TFTP client.
4) The TFTP binary client side option came from a OpenWRT blog post. If the DD-WRT forum mentions this I likely missed it as the threads for unbricking are long.
Seems the CFE TFTP Server Service knows how to update the firmware in a working fashion vs the CFE flash-from-external-file path which doesn't. I'm wondering if the flash-from-external-file path isn't doing BINARY mode transfers - or maybe it's expecting the TFTP Server to already be in BINARY transfer mode.
Anyway, in short, you can unbrick a E4200 over serial !!!
P.S. and Yes getting the case opened on a E4200 is a royal PITA. My warranty is fully and completely toast Whatever ... it's unbricked.
Hi Alins! I have same problem with my router, i made a jtag cable form your guide, connected it to the router, it's looks fine, but when i trying brjtag probe its stops on Clearing Watchdog... can i just Ctrl + C and go to next command?
Or maybe you can tell me what to do to fix this?
Thx.
See the jtag wiki article. You might want /ncw command, or something like that. _________________ SIG:
I'm trying to teach you to fish, not give you a fish. If you just want a fish, wait for a fisherman who hands them out. I'm more of a fishing instructor.
LOM: "If you show that you have not bothered to read the forum announcements or to follow the advices in them then the level of help available for you will drop substantially, also known as Murrkf's law.."
Posted: Wed Nov 23, 2016 5:10 Post subject: Help with boot loop...
I just brick my e4200 v1 , have the exactly same issue a infinite loop with the same msg of first post, I connected serial with usb ttl uart, I can see boot loop, but now my question is how can stop the boot for put codes?? I try every combinations and pressing hurry Ctrl+C several times again and again, break with putty, even with software for auto press ctrl+c in milliseconds but I can not stop the annoying starting boot loop , i don't know what to do, give me any suggestion please, I keep stuck on that
hi.does anybody successfully managed to communicate with the e4200 and raspberry pi?i tried oxplot raspberry tjtag but it does not recognise it.it seems it does not have the W25Q128BVFG chipset support.are there any other solution?