Posted: Fri Oct 18, 2013 18:28 Post subject: Buffalo WZR-HP-G300NH2 -Version 2- Atheros Based
This is my CFE (10-18-2013) in case someone else needs it, or even myself at a future date. This is Atheros based; I found no posts or links to an Atheros CFE, but here it is just in case. This is Version 2 of the router, noted by the last part, NH2. It is *different* from an NH (version 1), so don't use it unless you have the NH (version 2). If you are unsure, look on the bottom/back of the router; the sticker will give you the correct info. There was a lot of debate when it was first released. I can still say to this day Buffalo cannot get their heads out of their ass! The support they provide is next to worthless. I could not download an updated version of their "Pro" firmware, because the site said my serial was not valid. Tech support even swore I had a version 1 of the unit. I said screw it, I wanted a dd-wrt compatible router and this was it. I gave up on even trying their "Pro" and settled for brainslayer's builds. He has never let me down before. Ripped by http://192.168.0.1/cfe.bin and hitting enter; place your IP if different, mine was 3.1. I am using DD-WRT v24-sp2 (07/24/13) std (SVN revision 22118). Which I obtained from here:
Some Info here:
I have a Buffalo WZR-HP-G300NH that I bricked by typing "mtd erase flash", and quickly did a "mtd write flash" of the original firmware. Now the router won't do anything (no serial console, just the "power" LED). I have a BlackCat JTAG, and it shows up as "no CFI detected".
I heard from somebody that you had to bring the 'flash enable chip' to logic HIGH (VCC 3.3v) in order to access the flash. Does anyone know which chip this is?
These are the chips I believe it could be:
Flash: Spansion S29GL256P
U18 - Quad-NAND gate 74HC00
U13 - Quad-multiplexer (directly above the serial header) 74HCT-157
U14 - uP7707U8-00 (no data, seems like a power regulator but not sure).
I attached the Spansion S29GL256P data sheet, but there's several 'ENABLE' pins on it. However, it looks like a write cycle involves a complex set of enabling/disabling #CE, #WE, and #OE.
Another thing I can try is to edit the script for the commands of the BlackCat to do a 'Read' 'Device ID' (22h), but I need WE high.
I've got a CFE and everything I need ready, several JTAG devices, a serial TTL interface, and an Arduino. If anyone has any ideas, let me know.
Posted: Sat Mar 12, 2016 23:25 Post subject: BT home hub 2A
Hello. I have bricked my BT Home Hub 2A. The only CFE I could find was the one on the OpenWrt wiki, and I can't get it to work. Can anyone upload the original here please? Or maybe even the wholeflash.bin if possible, as it is acting very strange... Thanks!
Posted: Fri Nov 25, 2016 4:07 Post subject: WRT54GLv1.1 DD-WRT method cfe backup
I'm not sure if you are still looking for CFE backups, but here is another one. This one may be a bit different though.
I have looked at a few other CFE binaries for the same model router and there are some unusual differences. I purchased my router on eBay and I have noticed the NVRAM settings being changed or hacked before. I did not suspect that perhaps the CFE could also be hacked, but I have had a few instances where the firmware was wiped, and recently it was almost bricked. It would not accept TFTP updates until I was just about to perform a pin short, and then the ping started working after I opened the case.
One of the odd things I have noticed is how the other CFE binaries have their build dates set as CST time. In this one it is "Build Date: Mon Oct 26 16:57:52 HKT 2009 (crazy@sw1)"
Another odd note is how the crazy@sw1 is usually set to root@localhost in most other CFEs I have inspected.
Please let me know what you make of this CFE. Does it appear normal or possibly hacked? I was thinking of changing out the CFE to handle k26 builds anyway.
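The comparison described in the post above (reading the build banner and checking a dump against another CFE for the same model) can be scripted. This is an added example, not part of the original post: the two images are constructed in-line, only the `crazy@sw1` banner and the `root@localhost` builder name come from the post, and the reference date and the `et0macaddr` setting are made-up sample data.

```python
import hashlib
import re

# Banner layout as quoted in the post: "Build Date: <date> (<user>@<host>)"
BANNER_RE = re.compile(rb"Build Date: ([\x20-\x7e]{10,40}?) \(([\w.-]+)@([\w.-]+)\)")

def build_banners(image: bytes):
    """Return (offset, date, user, host) for every build banner found in the image."""
    return [(m.start(), m.group(1).decode(), m.group(2).decode(), m.group(3).decode())
            for m in BANNER_RE.finditer(image)]

def diff_ranges(a: bytes, b: bytes, gap: int = 16):
    """Return [start, end) byte ranges where two dumps differ.
    Differences closer together than `gap` bytes are merged into one range."""
    ranges = []
    for i in range(max(len(a), len(b))):
        if a[i:i + 1] != b[i:i + 1]:          # slices also cover unequal lengths
            if ranges and i - ranges[-1][1] <= gap:
                ranges[-1][1] = i + 1
            else:
                ranges.append([i, i + 1])
    return [tuple(r) for r in ranges]

def compare(reference: bytes, dump: bytes):
    """Summarise hashes, banners and differing regions for two CFE dumps."""
    return {
        "sha256": (hashlib.sha256(reference).hexdigest(), hashlib.sha256(dump).hexdigest()),
        "banners": (build_banners(reference), build_banners(dump)),
        "diff": diff_ranges(reference, dump),
    }

def _sample(banner: bytes, setting: bytes) -> bytes:
    """Constructed 1 KiB stand-in for a CFE dump: erased flash plus two strings."""
    img = bytearray(b"\xff" * 1024)
    img[0x100:0x100 + len(banner)] = banner
    img[0x300:0x300 + len(setting)] = setting
    return bytes(img)

# Constructed sample inputs (not real dumps).
REFERENCE = _sample(b"Build Date: Mon Jan  1 00:00:00 CST 2007 (root@localhost)\x00",
                    b"et0macaddr=00:11:22:33:44:55\x00")
DUMP = _sample(b"Build Date: Mon Oct 26 16:57:52 HKT 2009 (crazy@sw1)\x00",
               b"et0macaddr=00:11:22:33:44:66\x00")

if __name__ == "__main__":
    for key, value in compare(REFERENCE, DUMP).items():
        print(key, value)
```

With real files, read each dump with `open(path, "rb").read()` and pass the bytes to `compare`; the returned ranges show which regions to inspect in a hex editor.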
Posted: Tue Oct 01, 2019 23:24 Post subject: Linksys WRT610N V1 CFE
Couldn't find a CFE anywhere for my Linksys WRT610N v1. So after I finally got mine back up and running, I made a backup of the CFE. I got it using the web interface: http://192.168.1.1/backup/cfe.bin