Posted: Fri Aug 03, 2018 21:51 Post subject: R6400 v1 corrupt CFE variables
Can anyone tell me anything about the cfe variables relating to wifi for the r6400? To cut a long story short, I somehow managed to corrupt the board id, mac addresses etc. when flashing my R6400v1 back to stock. I've managed to apply all the /sbin/burn* commands except for "burnrf" as I don't know anything about the parameters.
Googling throws up very little apart from a few discussions that give the impression there are many radio related variables that need restoring. Is this information available and is restoration practical? I've reflashed the router several times since without issue and it seems to be working fine apart from the wifi range being degraded and the authentication being hit and miss which are presumably the consequences. Any pointers gratefully received.
Posted: Sat Aug 04, 2018 0:05 Post subject: Re: R6400 v1 corrupt CFE variables
jamesad wrote:
Can anyone tell me anything about the cfe variables relating to wifi for the r6400? To cut a long story short, I somehow managed to corrupt the board id, mac addresses etc. when flashing my R6400v1 back to stock. I've managed to apply all the /sbin/burn* commands except for "burnrf" as I don't know anything about the parameters.
Googling throws up very little apart from a few discussions that give the impression there are many radio related variables that need restoring. Is this information available and is restoration practical? I've reflashed the router several times since without issue and it seems to be working fine apart from the wifi range being degraded and the authentication being hit and miss which are presumably the consequences. Any pointers gratefully received.
DD-WRT and Factory do not destroy your board_data, you must have flashed tomato to it at some point. Unless you have a backup of your board_data you cannot restore all vars, e.g. radio calibration data. _________________ KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
Posted: Sat Aug 04, 2018 0:29 Post subject: Re: R6400 v1 corrupt CFE variables
[quote="<Kong>"
DD-WRT and Factory do not destroy your board_data, you must have flashed tomato to it at some point. Unless you have a backup of your board_data you cannot restore all vars, e.g. radio calibration data.[/quote].
Kong is right. how ever you can ask some one, but r6400v1 so few, but r6300v2 so identical everything that you can clone on. Or last resort Xvortex r7000s are able to replace with your owner mader. after all, only wifi radio should correct the check your router by: wl revinfo
Many thanks for the replies, it is much as I suspected. Yes, it was flashed with Tomato initially. Is the radio calibration data particular to each individual unit, or could it be cloned from another of the same or similar model? Deslatha, this seems to be what you are saying but I'm afraid I don't quite understand your last sentence perhaps you would be be kind enough to explain a bit more?
I am no expert in this stuff, but always happy to learn (Which I have been doing fast over the last few days!).
Many thanks for the replies, it is much as I suspected. Yes, it was flashed with Tomato initially. Is the radio calibration data particular to each individual unit, or could it be cloned from another of the same or similar model? Deslatha, this seems to be what you are saying but I'm afraid I don't quite understand your last sentence perhaps you would be be kind enough to explain a bit more?
I am no expert in this stuff, but always happy to learn (Which I have been doing fast over the last few days!).
Many thanks for the replies, it is much as I suspected. Yes, it was flashed with Tomato initially. Is the radio calibration data particular to each individual unit, or could it be cloned from another of the same or similar model? Deslatha, this seems to be what you are saying but I'm afraid I don't quite understand your last sentence perhaps you would be be kind enough to explain a bit more?
I am no expert in this stuff, but always happy to learn (Which I have been doing fast over the last few days!).
You need post data log on telnet.
display router layout: cat /proc/mtd
or cd /proc then ls -s
check board data (may be OEM lockup due no ID or serial number if you run on stock): dd if=/dev/mtdX | hexdump -C (X=board_data) or cp /dev/mtdX /tmp/sda (usage: df -h).
check wl radio rev version: wl -a eth1 revinfo
also eeprom: wl -a eth1 srdump
if no back board_data up then ask some one. open in hex edit(android is free).
put them in usb card(ntfs) then update to mtd of router.
if you want to used ddwrt FW then you only need nvram set "abc" where "abc" is parameter of wl radio then nvram commit. it will be erase if you reset router. (back up if you like).
Thanks all.
Ok, if the parameters are particular to my board then I'm probably screwed as I don't have a backup. On the plus side, although I appreciate Kong's warning, it's hard to see how I could make things worse as the wifi is only really usable in the same room at the moment, making it pretty useless to me. At the very least, trying will be useful experience so I'll get something out of it.
I'm going to set up a spare router so I can play as much as I like with the R6400 and go through Deslatha's instructions. Hopefully I will learn enough to be able to take up egc's kind offer, once I know what I need and what to do with it!
That much I can follow, but then it gets trickier.
wl -a eth1 srdump is all zeroes. I'm guessing that isn't right.
and I'm a bit stuck with this:
Quote:
check board data (may be OEM lockup due no ID or serial number if you run on stock): dd if=/dev/mtdX | hexdump -C (X=board_data) or cp /dev/mtdX /tmp/sda (usage: df -h).
Which is the board_data (X)?
I know basic linux and hex editing, but little about embedded systems so simple instructions appreciated.
As you see, it is router ID,serial# and so on that pull from r6300. also you need post 2 wl (5ghz) rev info. It should be 4360. Only radio rev 0x2059000 chipnum 0x4331 chip rev 0x2 is preset. I think you flash wrong FW which have no mtd of netgear router. nvram of net gear only 64:2=32kB but on your it is 1.5MB. it surely is link sys router.(devinfo+nvram from ddwrt, OEM layout mtds separated). eeprom of wl is ommited(all zero and be controlled from FW).
If you want rolling back to OEM then it takes little hardwork. you need connect to serial uart port to cp and edit. first flash stock net gear FW then it automatically creating blank board_data mtd which totally 17 mtds. From there you can cp and edit data which it already on your router printing label. if you willing then i can provided more detail.
Or you can upgrade and porting your router into R7000 if you like. let’s me know. kind not plus and play.
I see what you mean. I have no idea how or when that might have happened. I have reviewed all the flash files I have downloaded and all are for the R6400.
All I did was flash from Tomato (which it had been running happily for nearly a year) to dd-wrt to stock, using dd-wrt.v24-K3_AC_ARM_STD_128K.bin and R6400-V1.0.0.26_1.0.14.chk, both from the R6400 "back-to-genie" zip. All went well except I couldn't then reflash it as (it turned out) the board ID was corrupt. Having fixed that, I have since tried flashing it half a dozen times with Tomato, dd-wrt and stock files and it has been absolutely fine apart from the degraded wifi.
What I don't understand is, if the MTD's are so messed up, would you expect the router to still work perfectly (apart from the wifi) and to still be easily flashable? Also, if reverting it to stock will fix the MTD structure, why didn't it do so the first time?
I am of course, not arguing with you as it's clear you know way more than I do about this - I am just puzzled.
But yes, I am willing to try and would greatly appreciate it if you did provide me with more detail. I will flash it back to stock and see what happens.
Open R6400-V1.0.0.26_1.0.14.chk by hex edit (android is free). delete 57 header's bytes until you see HDR0 start; save it in .bin file. connect to pc and tftp server, from cfe flash this new edit fw. also erase nvram too.
flash -erase nflash0.nvram
flash -noheader 192.168.1.2:fw_edit.bin nflash0.trx
after that reboot and the fw should created 17mtds. At this time you no longer telnet or ssh. only uart serial port.
from there you can back up all router's mtd to usb storage. you may ask some r6400 back up mtds to clone or edit back to your router.
hope can help.
notes: support that your router still used original cfe.
if you dont know how to flash fw through cfe cli then ask some one with more your detail, support that you already connect serial port of router; other wise discard and nothing you can do.
It's very kind of you to take the trouble to help. Thanks.
As I understand it, the general idea is that I recreate the MTD structure, get copies of all 17 mtds from another R6400, edit the board_id mtd for my particular router's bottom label stuff, then write them all back? Is that right?
Sounds just about within my capabilities. Serial port and cli flashing I can do. I'm not sure of the commands for backing up and restoring the mtds to USB though, so an example would be useful.
