Posted: Sun Mar 11, 2012 11:05 Post subject: How to change country (regulation domain) in E3000
The router locked by firmware to channels, allowed in country where it was originally sold. The regulation (region code) is stored in NVRAM. Country code is located in CFE at offset 0x3FE2C, 2.4GHz code is at offset 0x3FE24, and 5GHz at offset 0x3FE28. I discovered few codes: EU, US. Empty fields (0xFF) works as US. Here are simple steps for changing region code in NVRAM.
1. Flash Linksys E3000 with DD-WRT as described http://www.dd-wrt.com/wiki/index.php/Linksys_E3000#Flashing_instructions_for_the_E3000 steps 1 - 10.
2. Enable telnet access and login to router:
telnet <router IP>,
user: root,
password: <admin pass>
3. Read your original boot and NVRAM http://www.dd-wrt.com/wiki/index.php/CFE_backup
dd if=/dev/mtd/0 of=/tmp/cfe_backup.bin
4. Read first part of CFE (upto region codes)
dd if=/dev/mtd/0 of=/tmp/cfe_1.bin bs=1 count=261668
5. Fill desired country codes in HEX format. EU = 0x45, 0x55.
echo -e "\x45\x55\xff\xff\x45\x55\xff\xff\x45\x55\xff\xff" -n >/tmp/cfe_2.bin
6. Copy thrird part of CFE:
tail -c 464 /tmp/cfe_backup.bin >/tmp/cfe_3.bin
7. Create new CFE file with updated region:
cat /tmp/cfe_1.bin /tmp/cfe_2.bin /tmp/cfe_3.bin >/tmp/cfe_new.bin
8. Check that new file has correct size:
ls -l /tmp
9. Check that only region was changed in new file:
cmp -b /tmp/cfe_backup.bin /tmp/cfe_new.bin
10. Write new file to flash:
mtd unlock cfe
mtd write -f /tmp/cfe_new.bin cfe
11. Restore stock firmware as described here:
http://www.dd-wrt.com/wiki/index.php/Linksys_E3000#Reverting_back_to_stock_firmware
It is good that you said check file size, because following your instructions (through copying/pasting the information) the cfe_new.bin file resulted 4 bytes longer than it should.
I did apply this trick and I can confirm that it works, but I used HxD from Total Commander Ultima Prime instead of command line instructions. After I have edited the file with EUÿÿEUÿÿEU instead of Q2/3Q2/3US (ÿ is FF in hexadecimal), I did a binary content comparison and this was the one and only difference between the two files.
Another difference is that I did not flash back to stock firmware, I remained using DD-WRT firmware. I guess that this new cfe makes for me no real difference, but in any case my two WRT610N-EU routers, which had become E3000 (US region) through flashing the advised cfe and the custom firmware for conversion, are now E3000 (EU region). _________________ 2 times RT-AC56U running 33772 with entware-ng, Yamon 3 (SFE disabled).
Asus RT-N16 running Merlin LTS fork RT-N16_3.0.0.4_374.43_2-25E8j9527.trx with entware-ng.
2 times Asus RT-N16 running dd-wrt.v24-33772_NEWD-2_K3.x_big.bin with entware-ng
Hey slobodan, thanks for debugging this and getting it working, I'm going to give it a go and hopefully it works on my firmware as it's slightly different to yours. I'll let you know how I get on.
Posted: Tue Sep 16, 2014 10:46 Post subject: cfe write problem
I am trying to do the same thing, i.e trying to enable all available channels for the UK. I have followed the steps above but when it comes to "mtd write -f cfe_new.bin cfe" i get the error
Unlocking cfe ...
Writing from cfe_new.bin to cfe ... [e]Erasing mtd failed: cfe
hi, i have a real big nasty problem,
i have no idea why i did that,
i have followed this instructuion on my linksys e1200 v2, everything went good with the command, but after the latest command, i can not connect to my router, all leds switched on, no blinking or flashing, just dimmed, i tried 30/30/30 and nothing happened, nothing works, the wireless connection, ethernet connection, all dead, everything went south,
1 question in my mind, just take aside my stupidity for following this instruction,
what am i supposed to do right now?
with jtag or serial recovery, will it work?
or its just the end of my router?
hello sir,
after writind dowd your new cfe,you did reflashed with ddwrt or just rebooted the router or restored factory defaults on your existing ddwrt?
best regards,
pierre
