bdrestore fails: how to recover board config for dir-300?

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Atheros WiSOC based Hardware
Goto page 1, 2, 3, 4  Next
Author Message
twiky
DD-WRT Novice


Joined: 11 Oct 2008
Posts: 12

PostPosted: Sat Oct 11, 2008 11:34    Post subject: bdrestore fails: how to recover board config for dir-300? Reply with quote
During the process of flashing with different images I've made a stupid mistake, erasing flash by "fis init -f". So, I do believe that board config is cleaned up, bdrestore returns:

DD-WRT> bdmove
No board config data found!
DD-WRT> DD-WRT> bdrestore
Board config found at 0xbff90000
No board config data found!

So, neither linux.bin or original firmware from d-link doesnt start anymore. Does anybody has an experience in such a case, is there any way to restore the board config?
Sponsor
Sash
DD-WRT Guru


Joined: 20 Sep 2006
Posts: 17638
Location: Hesse/Germany

PostPosted: Sat Oct 11, 2008 13:57    Post subject: Reply with quote
use the dir300 instruction to flash the ap62.rom again.

EDIT typo: ap61.rom

_________________
Forum Guidelines...How to get help
&
Forum Rules
&
RTFM/STFW
&
Throw some buzzwords into the WIKI search Exclamation
_________________
I'm NOT rude, just offer pure facts!
_________________
Atheros (TP-Link & Clones, etc ) debrick service in EU
_________________
Guide on HowTo be Safe, Secure and Protect Your Online Anonymity!


Last edited by Sash on Sat Oct 25, 2008 8:27; edited 1 time in total
carlopires
DD-WRT Novice


Joined: 25 Mar 2007
Posts: 1

PostPosted: Sat Oct 11, 2008 17:31    Post subject: Reply with quote
AP62 ?? If this is a typo error I have this problem and reflashed AP61.ROM again but the board config continues missing. And AP does not load kernel completely.
twiky
DD-WRT Novice


Joined: 11 Oct 2008
Posts: 12

PostPosted: Sun Oct 12, 2008 13:25    Post subject: Reply with quote
Sash wrote:
use the dir300 instruction to flash the ap62.rom again.


Sash - thanx for answer. Hope you may easily understand what's wrong. Sure I did use instruction. BTW, I do also believe there was a typo with ap62.rom: no references for such a file on dd-wrt download page. So, I'm going with ap61.rom. Here is the full log of my last attempt, too long but hope clear:

Version: "RedBoot v2.3"
RAM: 0x80000000-0x80800000, [0x80036350-0x807ed000] available
FLASH: 0xbfc00000 - 0xbfff0000, 64 blocks of 0x00010000 bytes each.

RedBoot>
load ap61.ram
Using default protocol (TFTP)
Entry point: 0x800410bc, address range: 0x80041000-0x800680d8
RedBoot>
go

re-connected to 192.168.1.1 here

RedBoot(tm) bootstrap and debug environment [RAM]
production release, version "2.1.3" - built 18:43:37, Sep 20 2007

Platform: ap61 (Atheros WiSOC)
Copyright (C) 2000, 2001, 2002, 2003, 2004 Red Hat, Inc.
Copyright (C) 2007, NewMedia-NET GmbH.

Board: DLINK DIR-300
RAM: 0x80000000-0x81000000, [0x8007ff00-0x80fe1000] available
FLASH: 0xbfc00000 - 0xbfff0000, 64 blocks of 0x00010000 bytes each.

DD-WRT>
fis init
About to initialize [format] FLASH image system - continue (y/n)?
y
*** Initialize FLASH Image System
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .

DD-WRT>
ip_address -h 192.168.1.2
IP: 192.168.1.1/255.255.255.0, Gateway: 0.0.0.0
Default server: 192.168.1.2

DD-WRT>
load -r -b %{FREEMEMLO} ap61.rom
Using default protocol (TFTP)
Raw file loaded 0x80080000-0x800a8717, assumed entry at 0x80080000
DD-WRT> fis create -l 0x30000 -e 0xbfc00000 RedBoot
An image named 'RedBoot' exists - continue (y/n)? y
... Erase from 0xbfc00000-0xbfc30000: ...
... Program from 0x80080000-0x800a8718 at 0xbfc00000: ...
... Erase from 0xbffe0000-0xbfff0000: .
... Program from
0x80ff0000-0x81000000 at 0xbffe0000: .


Here I see the only difference with flashing.txt guide provided:
in memory addresses used for fis programming guide gives 0x807f0000-0x80800000 and mine result is shifted for x800000. Not sure it's a problem, but just in case you may know what it means.

DD-WRT>
fis create -l 0x30000 -e 0xbfc00000 RedBoot
An image named 'RedBoot' exists - continue (y/n)? y
... Erase from 0xbfc00000-0xbfc30000: ...
... Program from 0x80080000-0x800a8718 at 0xbfc00000: ...
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .
DD-WRT>
reset

re-connected telnet session again in a second.
Then checked out flash:

DD-WRT> ^C
DD-WRT>
fis list
Name FLASH addr Mem addr Length Entry point
RedBoot.........0xBFC00000 0x80080000 0x00030000 0xBFC00000
FIS directory....0xBFFE0000 0xBFFE0000 0x0000F000 0x00000000
RedBoot config..0xBFFEF000 0xBFFEF000 0x00001000 0x00000000

DD-WRT>
fis free
0xBFC30000 .. 0xBFFE0000

So far so good. Continuing with guide:

DD-WRT>
load -r -b 0x80041000 linux.bin
Using default protocol (TFTP)
TFTP timed out 1/15
Can't load 'linux.bin': operation timed out


I'd say it would be really nice to update the flashing.txt by adding tftp host address seeting: surely a lot of people spent time discovering in other guides what's going wrong and why transfer doesn't start. Thanks to Shadowandy's mini-flashing-guide-for-dir-300 I see what's wrong.

DD-WRT>
ip_address -h 192.168.1.2
IP: 192.168.1.1/255.255.255.0, Gateway: 0.0.0.0
Default server: 192.168.1.2

DD-WRT>
load -r -b 0x80041000 linux.bin
Using default protocol (TFTP)
Raw file loaded 0x80041000-0x803bafff, assumed entry at 0x80041000

DD-WRT>
fis create linux
... Erase from 0xbfc30000-0xbffaa000: ........................................................
... Program from 0x80041000-0x803bb000 at 0xbfc30000: ........................................................
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .


Took some 10 minutes, looks ok, but the same shift in sourced area for programming into flash. Then just to be sure everything is ok with flashing the image:

DD-WRT>
fis list
Name FLASH addr Mem addr Length Entry point
RedBoot..........0xBFC00000 0x80080000 0x00030000 0xBFC00000
linux..............0xBFC30000 0x80041000 0x0037A000 0x80041000
FIS directory.....0xBFFE0000 0xBFFE0000 0x0000F000 0x00000000
RedBoot config...0xBFFEF000 0xBFFEF000 0x00001000 0x00000000

DD-WRT>
fis free
0xBFFAA000 .. 0xBFFE0000

DD-WRT>
fconfig boot_script true
boot_script: Setting to true
Update RedBoot non-volatile configuration - continue (y/n)? y
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .
DD-WRT>
fconfig boot_script_timeout 3
boot_script_timeout: Setting to 3
Update RedBoot non-volatile configuration - continue (y/n)? y
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .
DD-WRT>
fconfig bootp false
bootp: Setting to false
Update RedBoot non-volatile configuration - continue (y/n)? y
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .

DD-WRT>
fconfig
Run script at boot: true
Boot script:
Enter script, terminate with empty line
>>
fis load -l linux
>>
exec
>>
Boot script timeout (1000ms resolution): 3
Use BOOTP for network configuration: false
Gateway IP address:
Local IP address:
Local IP address mask:
Default server IP address:
Console baud rate: 9600
GDB connection port: 9000
Force console for special debug messages: false
Network debug at boot time: false
Update RedBoot non-volatile configuration - continue (y/n)? y
... Erase from 0xbffe0000-0xbfff0000: .
... Program from 0x80ff0000-0x81000000 at 0xbffe0000: .

DD-WRT>
version

RedBoot(tm) bootstrap and debug environment [ROMRAM]
production release, version "2.1.3" - built 18:43:19, Sep 20 2007

Platform: ap61 (Atheros WiSOC)
Copyright (C) 2000, 2001, 2002, 2003, 2004 Red Hat, Inc.
Copyright (C) 2007, NewMedia-NET GmbH.

Board: DLINK DIR-300
RAM: 0x80000000-0x81000000, [0x80040580-0x80fe1000] available
FLASH: 0xbfc00000 - 0xbfff0000, 64 blocks of 0x00010000 bytes each.
DD-WRT>
reset

So everything looks fine to me. Yet it doesn't work: device restarted every minute for 3 times I guess, then hungs with not started SW, no DHCP server as well - I've connected another comp with auto net config so no ip address applied. RedBoot works, I can power cycle device and telnet it again. Trying to see what's going on I've started linux manualy:

DD-WRT> fis load -l linux
Image loaded from 0x80041000-0x802d0c58
DD-WRT>
exec

Device restarted and goes the same way: 3 times rebooted and hungs.

Being not sure where I can see linux.bin content in RAM loaded, checked next time the followings, loading linux manually:

DD-WRT>
x -b 0x80041000 -l 0x00000100
80041000: 08 0A C8 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
80041010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
80041020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
80041030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
80041040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
80041050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
80041060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
80041070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
80041080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
80041090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
800410A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
800410B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
800410C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
800410D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
800410E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
800410F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|

DD-WRT>
x -b 0xbfc30000 -l 0x00000100
BFC30000: 6D 00 00 80 00 58 FC 28 00 00 00 00 00 00 04 02 |m....X.(........|
BFC30010: 95 00 0E 0F F8 3F D5 D1 50 C7 E1 D5 37 C0 34 84 |.....?..P...7.4.|
BFC30020: 0C 61 30 4E FF FD 72 22 F0 2A 68 DF 47 71 28 FB |.a0N..r".*h.Gq(.|
BFC30030: D7 F6 18 CA 60 FF B3 A4 CC 96 AE 22 A5 BD 9C 55 |....`......"...U|
BFC30040: 2B 44 4D 48 ED B9 C8 FC 0F C2 07 B4 2F EC FD 59 |+DMH......../..Y|
BFC30050: EE 85 03 45 EF BC 6C 82 4F C1 64 73 00 73 46 89 |...E..l.O.ds.sF.|
BFC30060: 2E C9 31 C8 60 74 30 57 7E A5 2A 71 84 A4 53 19 |..1.`t0W~.*q..S.|
BFC30070: 3A 59 6F CC 28 FB DE FF 41 40 B1 03 B1 99 58 39 |:Yo.(...A@....X9|
BFC30080: B9 98 84 B9 EB F1 5E 95 3D 84 03 0D ED 73 30 9D |......^.=....s0.|
BFC30090: 46 79 F3 CB BE 3A 91 15 65 58 B6 38 5A 9E 57 73 |Fy...:..eX.8Z.Ws|
BFC300A0: 12 1F 8F 88 8C 51 A3 3C E0 5B DC A7 D3 61 CD 64 |.....Q.<.[...a.d|
BFC300B0: 2D 1E 63 FE 5F 0E 6B E4 61 AD 9F 46 82 78 73 68 |-.c._.k.a..F.xsh|
BFC300C0: F1 4D 4B 3B 83 F7 CA D0 E0 83 F3 8B 7A 64 DF 73 |.MK;........zd.s|
BFC300D0: 4D 85 69 4B B1 61 DE C7 60 F2 C9 46 99 D1 A8 D2 |M.iK.a..`..F....|
BFC300E0: 2A 05 A3 FE F7 80 94 3E E1 01 6E 83 97 C7 FF 6D |*......>..n....m|
BFC300F0: 8A 6E 46 97 59 03 9F 40 82 38 E2 DA 86 EC 39 CF |.nF.Y..@.8....9.|
DD-WRT> exec


Well, didn't really got what's wrong. BDRESTORE gives the same: founding no device info. Reloads of original firmware v. 1.03-1.05, earlier versions of DD-WRT give the same. It couldn't be bricked as far as RedBoot works, so my guess is only device config, this is why I've asked about it. Any other assumptions are warmly welcomed Sad

Cheers,
Michael
twiky
DD-WRT Novice


Joined: 11 Oct 2008
Posts: 12

PostPosted: Tue Oct 14, 2008 21:49    Post subject: Reply with quote
Folks,

Would it be sensible to run bdrestore at first, prior to flashing Redboot into ROM? As I see it moves board config to the end of ROM and hopefully gonna prevent RedBoot from overwriting it. Guru, what would you say?
fluffy@prog.ru
DD-WRT Novice


Joined: 24 Oct 2008
Posts: 10

PostPosted: Fri Oct 24, 2008 22:30    Post subject: Reply with quote
I have a similar problem. While "playing" with flashing dd-wrt and flashing back to original firmware procedures (several times) I did somthing (don't know what exactly but for sure it was NOT the "fis init -f" command) and next time the dd-wrt did not start and cycling with reboot process infinitelly. I tried the OpenWRT with the same result (while before thatI could load and start OpenWRT without any problem). During the flash procedure the only difference with "Mini Flashing Guide..." and with flashing.txt I coud see is the same as in twiky's log:
... Program from 0x80ff0000-0x81000000 at 0xbffe0000

The manual

With original RedBoot (dir300redboot.rom) and original firmware (1.04) the boot script is not working (while before that everythting was ok). I connect putty to the RedBoot in passive mode (without ^C) during the boot process and got this error:

== Executing boot script in 4.950 seconds - enter ^C to abort
RedBoot> Using default protocol (TFTP)
__udp_sendto: Can't find address of server
Can't load 'COBRAART.SYS': some sort of network error
RedBoot> No entry point known - aborted
RedBoot>

But when I manually enter "fload" and "go" (which are definitely in the script) the original firmware started and seems working properlly.

So it seems the problem is not in the RedBoot or firmware (original or dd-wrt), because they both worked on my hardware (dir-300) before.
twiky
DD-WRT Novice


Joined: 11 Oct 2008
Posts: 12

PostPosted: Sat Oct 25, 2008 9:03    Post subject: Reply with quote
fluffy@prog.ru wrote:
I tried the OpenWRT with the same result


Same as I did. Same, started original firmware manually as script was not running on boot up.

Yet had radio not started up - system works, shows all OK but not discoverable at all; so went to OpenWRT but completely unsuccessful as it doesn't start at all, flashed back to DD-wrt and original and back - got system not even starting manually, cycling on boot.

Now I do realize that non-working radio most probably means bdconfig damaged. Having no idea how to recover it on my own I went to d-link service and flashed it back in full - they did it easily within 3 days mentioning it as a regular support procedure for free )) -- seems I'm not the only one who f*cked up.

Well, now I'm wondering how could I pass the problem flashing it to dd-wrt again. Have no clear idea what was wrong. Not sure is it needed to bdrestore initially or not, but some say yes.

Course, would be great to have some analysis and getting into solution / recommendations for others, but I'm personally not qualified enough. Could anybody has a clue? Not sure, the case seems to be not common even being probably specific for widely spread DIR-300. But problem persists.
fluffy@prog.ru
DD-WRT Novice


Joined: 24 Oct 2008
Posts: 10

PostPosted: Sat Oct 25, 2008 12:46    Post subject: Reply with quote
Twiky, could you make a full flash memory dump to the putty log file when you get back your device? (RedBoot> dump -b 0xbfc00000) Or if it is to long:
RedBoot> dump -b 0xbfc00000 -l 0x40000
RedBoot> dump -b 0xbffe0000 -l 0xf000
RedBoot> dump -b 0xbffef000 -l 0x1000

One more thing. I load the ap61.ram and run the "fis list". Here is the result (could anybody compare it with the same result from working device?):

DD-WRT> fis list
Name FLASH addr Mem addr Length Entry point
RGCFG1 0x00000038 0x00000039 0x00000641 0x0003183B
<Not a string: 0x80FF2400> 0x08459094 0x2B81DF32 0x57B5EEE7 0xA1A255F0
<Not a string: 0x80FF2100> 0x199F2016 0xD1201412 0x1954E320 0x2D88E923
<Not a string: 0x80FF2300> 0x3A1C0627 0xC1A53B8D 0xC0641C69 0x85DC8E0D
<Not a string: 0x80FF2500> 0x4D0D875C 0x2B2CF905 0xEB6B3F71 0x2B8B3F47
<Not a string: 0x80FF2700> 0xB87AAABA 0x9622AF38 0x23A05EFF 0xD3E4DFD9
RedBoot 0xBFC00000 0x80040800 0x00030000 0xBFC00000
FIS directory 0xBFFE0000 0xBFFE0000 0x0000F000 0x00000000
RedBoot config 0xBFFEF000 0xBFFEF000 0x00001000 0x00000000
<Not a string: 0x80FF2600> 0xF8E252E5 0xF252689F 0xAFF2D6B0 0x6AD95697
<Not a string: 0x80FF2200> 0xFE2D1462 0xBAE7ADC2 0x28F34410 0x77920FE4

What could be the first string with name RGCFG1
twiky
DD-WRT Novice


Joined: 11 Oct 2008
Posts: 12

PostPosted: Fri Oct 31, 2008 23:15    Post subject: Reply with quote
I've sent you download link.

Just to let everybody interested know, I've loaded ap61.ram onto restored dir-300 and checked out flash files listed:

DD-WRT> fis list -c

Name FLASH addr Checksum Length Entry point
RGCFG1 0x00000038 0xEADF3011 0x000006DB 0x0003695A
<Not a string: 0x80FF2300> 0x1AF99598 0x8D4671E5 0xD1C8D368 0xE44B34C8
<Not a string: 0x80FF2200> 0x28CFA79C 0x872C0D44 0x4F55DB70 0xA1613980
<Not a string: 0x80FF2100> 0x4B1E8C2F 0x62C6124E 0x0A8174AA 0x71E00AC4
<Not a string: 0x80FF2A00> 0x6BE9981D 0xBC6D1615 0xDA7C3ACB 0xF3BAE11E
<Not a string: 0x80FF2800> 0x6D68350F 0x829C99CE 0x1831FC4E 0x4AAC6F15
<Not a string: 0x80FF2B00> 0x84B7A723 0xFFFFFFFF 0x8AE8FF02 0x6164F97D
<Not a string: 0x80FF2900> 0x8D19BB87 0x6B5B5611 0xFF0DCD6E 0x881B552C
<Not a string: 0x80FF2400> 0x8D469146 0x258596D9 0xA6D128D3 0x68945732
<Not a string: 0x80FF2700> 0x981F0000 0xB99B800B 0x34E0FBF7 0xDE254964
<Not a string: 0x80FF2500> 0xBB2AB1BD 0x3AF3A284 0x25E69A3E 0xC30021E0
<Not a string: 0x80FF2600> 0xE9B9E978 0xDD174C08 0x57453526 0x51475961


Restored firmware version is 1.01, in case it has specific changes in lenght.

I think this RedBoot version does not read flash partition properly. Is it so?
fluffy@prog.ru
DD-WRT Novice


Joined: 24 Oct 2008
Posts: 10

PostPosted: Tue Nov 04, 2008 8:55    Post subject: Reply with quote
Thank you very much, Twiky! I've got it. Will try to compare the results...
fluffy@prog.ru
DD-WRT Novice


Joined: 24 Oct 2008
Posts: 10

PostPosted: Sat Nov 22, 2008 11:34    Post subject: Reply with quote
So... I have resored my dir-300! :)

I bought one more router for my work and make a full dump of its flash rom. Secondly I connected my router through its TTL pins and some kind of simple pl2303 USBtoRS232 converter. Then I could see what is happening wneh the router is booting up and when I do the bdrestore or bdmove command. I don't have the exact procedure how to restore other routers with the same problem, so I suggest everybody who wants to repeat my steps to have this kind of connection, just in case.

Actually the board config is located in 0xbfff0000-0xbfffffff. When you flash your router with new redboot (ap61.rom) and then with dd-WRT linux.bin or some openWRT linux - they change this block of flash memory when booting first time (I think the red light indicate it) adding its own information. And it seems in some case they could break the original board information (I don't know in what case - now I can not break it even if I try to). In my case I could see some strange information at the very beggining of that block of memory.

I could restore this board config by loading the block of memory from the original dump I made from the second device (I can send it to anybody who needs it) to the appropriate address.

1. I flashed the dd-WRT redboot. (This procedure dose not work with original redboot for some reason - maybe you should use another address in step 2, I don't know.)
2. Then I loaded the original board config to the address 0xbffd0000 (don't ask me why I use this address - I don't know. But it seems that the dd-WRT bdrestore and bdmove commands use exactly this address to restore the board cofig). Actually I loaded two blocks of memory - the second one was 0xbffe0000-0xbffeffff (from the original dump). I loaded it to the address 0xbffc0000 (DO NOT confuse with 0xbfc00000 - you can dammage your router as it is the address of redboot). But I'm not sure you will need this block, first time try without this block.
3. bdrestroe
4. bdmove

So, maybe some guru could explain (I could not) what axactly I did - but the bord config was restored Smile.
twiky
DD-WRT Novice


Joined: 11 Oct 2008
Posts: 12

PostPosted: Mon Nov 24, 2008 1:30    Post subject: Reply with quote
Would be great to have it -- don't you mind to create an instruction how to program onto config area, or it can be simply accessed in RedBoot for overwrite?
deaftone
DD-WRT Novice


Joined: 18 May 2007
Posts: 24

PostPosted: Wed Nov 26, 2008 11:11    Post subject: Reply with quote
I've been experiencing the same problem with a ar430w for about a week now, constantly power cycles, no dhcp, won't load dd-wrt/original fw. Has anyone found out what's getting messed up? I also noticed that one address change as fluffy and twiky pointed out earlier, has anyone resolved this issue? I have been bashing my brains in for the past week trying to figure out what got damaged and honestly I don't know, I'm not a guru but even with all my logs, step by step posted all I've managed to get is "did you follow the instructions in the dl folder" and nothing related to the actual problem. I had v24-sp1 installed and ran fine for 3 days, then decided to upgrade to v24-pre-sp2, uploaded the ar430w-firmware.bin via http and reset to defaults. On 1st boot, everything seemed fine, after changing some settings and trying to enable jffs, also booted fine but with no jffs, since I was unfamiliar with a few wireless settings, I decided to reset back to defaults, well, that's when it all started. Since then all I have been able to get that the most is a dd-wrt> bootloader prompt, tried reverting using the dir300redboot.rom and using the emergency web server to upload the factory firmwares 1.01 and 1.02, tried flashing v24-rc5, v24, v24-sp1, v24-pre-sp2 and all failed horribly when it came to booting (only redboot would work), it's like the linux fs fails to load on boot, or gets a bad write? Even with all addresses matching flashing.txt and other instructions, I was unable to boot another firmware. If anyone is interested in some logs or whatever, I am willing to test the hell out of this box, may it be thankful I haven't crushed it yet after spending over a week with this retarded issue :)



Code:

DD-WRT> version

RedBoot(tm) bootstrap and debug environment [ROMRAM]
production release, version "2.1.3" - built 18:43:19, Sep 20 2007

Platform: ap61 (Atheros WiSOC)
Copyright (C) 2000, 2001, 2002, 2003, 2004 Red Hat, Inc.
Copyright (C) 2007, NewMedia-NET GmbH.

Board: DLINK DIR-300
RAM: 0x80000000-0x81000000, [0x80040580-0x80fe1000] available
FLASH: 0xbfc00000 - 0xbfff0000, 64 blocks of 0x00010000 bytes each.
DD-WRT> fis list
Name              FLASH addr  Mem addr    Length      Entry point
RedBoot           0xBFC00000  0x80080000  0x00030000  0xBFC00000
linux             0xBFC30000  0x80041000  0x00395000  0x80041000
FIS directory     0xBFFE0000  0xBFFE0000  0x0000F000  0x00000000
RedBoot config    0xBFFEF000  0xBFFEF000  0x00001000  0x00000000
DD-WRT> fis list -d
Name              FLASH addr  Mem addr    Datalen     Entry point
RedBoot           0xBFC00000  0x80080000  0x00028718  0xBFC00000
linux             0xBFC30000  0x80041000  0x00395000  0x80041000
FIS directory     0xBFFE0000  0xBFFE0000  0x00000000  0x00000000
RedBoot config    0xBFFEF000  0xBFFEF000  0x00000000  0x00000000
DD-WRT> bdrestore
Board config  found at 0xbff90000
No board config data found!
DD-WRT>

Code:
DD-WRT> x -b 0x80041000 -l 0x00000100
80041000: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
80041010: 00 08 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
80041020: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
80041030: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
80041040: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
80041050: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
80041060: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
80041070: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
80041080: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
80041090: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
800410A0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
800410B0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
800410C0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
800410D0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
800410E0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
800410F0: 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
DD-WRT> x -b 0xbfc30000 -l 0x00000100
BFC30000: 6D 00 00 80 00 3C 15 29  00 00 00 00 00 00 04 02  |m....<.)........|
BFC30010: 96 00 0E 0F F8 3F D5 D1  50 C7 E1 D5 37 C0 34 84  |.....?..P...7.4.|
BFC30020: 0C 61 30 4C 79 46 3F B8  56 DA CF 30 74 25 6E F7  |.a0LyF?.V..0t%n.|
BFC30030: 2A F8 AF 2D B3 41 30 3B  58 C6 85 3A F2 41 23 D9  |*..-.A0;X..:.A#.|
BFC30040: 92 03 8C 99 9A B9 4C CF  A7 82 7D 66 C1 A0 7B 28  |......L...}f..{(|
BFC30050: 84 4F 08 B5 19 DD F3 5B  5D F6 F4 E5 3F 38 05 C4  |.O.....[]...?8..|
BFC30060: 3D E1 6B B1 FF 1F 96 53  68 92 98 2E B9 24 9C 31  |=.k....Sh....$.1|
BFC30070: 68 B7 0A 0D 1D 64 E7 78  9A 76 09 20 FB B2 2E 8D  |h....d.x.v. ....|
BFC30080: 83 A6 09 3A 46 09 37 6C  44 0A D6 DE E5 0C 38 9C  |...:F.7lD.....8.|
BFC30090: AF 21 BC 98 04 2F 06 90  D0 6A CC 7C F6 DA 64 4A  |.!.../...j.|..dJ|
BFC300A0: 6C 4C AA 03 16 8B EC 8D  AB 04 28 DA C5 B1 08 9D  |lL........(.....|
BFC300B0: 83 EA 6C DB 72 02 98 FF  6E 43 05 75 6E 11 06 18  |..l.r...nC.un...|
BFC300C0: DC 88 C5 18 ED FD 0A DC  95 B4 2C 62 E5 99 EF 12  |..........,b....|
BFC300D0: 2D 8D BB B4 7A 86 03 2C  07 9F 8D 7D 4C 94 E4 82  |-...z..,...}L...|
BFC300E0: 5E 5A 59 76 33 A8 89 98  C3 64 C5 07 5C BB 66 FC  |^ZYv3....d..\.f.|
BFC300F0: F3 13 51 DC 1D EC C5 57  1B F8 D1 E5 78 9C D2 3B  |..Q....W....x..;|
DD-WRT>


These logs were made after completing all the flashing steps for v24-sp1 as stated in flashing.txt.

board info:
Code:

== Executing boot script in 0.250 seconds - enter ^C to abort
^C
DD-WRT> dump -b 0xbfff0000 -l 0x7f
BFFF0000: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0010: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0020: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0030: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0040: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0050: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0060: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0070: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF     |............... |
DD-WRT> dump -b 0xbfff0000 -l 0xf8
BFFF0000: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0010: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0020: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0030: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0040: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0050: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0060: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0070: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0080: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0090: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF00A0: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF00B0: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF00C0: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF00D0: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF00E0: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF00F0: FF FF FF FF FF FF FF FF                           |........        |

radio config:
Code:
DD-WRT> dump -b 0xbfff00f8 -l 0x200
BFFF00F8: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0108: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0118: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0128: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0138: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0148: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0158: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0168: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0178: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0188: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0198: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF01A8: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF01B8: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF01C8: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF01D8: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF01E8: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF01F8: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0208: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0218: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0228: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0238: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0248: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0258: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0268: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0278: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0288: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF0298: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF02A8: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF02B8: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF02C8: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF02D8: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
BFFF02E8: FF FF FF FF FF FF FF FF  FF FF FF FF FF FF FF FF  |................|
DD-WRT>
laserfan
DD-WRT Novice


Joined: 12 Nov 2008
Posts: 29

PostPosted: Wed Nov 26, 2008 18:02    Post subject: Reply with quote
deaftone I too had tried a pre-sp2 release unsuccessfully, but was able to recover my AR430 to v24-sp1 by following to-the-letter the original flashing instructions as published by member donn here:

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=215288&highlight=#215288

I haven't read every detail of your posts, but I would say to make certain if you do this that the tftp server has ONLY the linux.bin in its directory that is included with the original v24-sp1 download.

Worked for me--good luck!
vcn
DD-WRT Novice


Joined: 11 Oct 2008
Posts: 4

PostPosted: Wed Nov 26, 2008 19:54    Post subject: Reply with quote
deaftone,
You said in the other thread that this happened after you enabled jffs. The same thing happened to me last week. It looks like turning on jffs nuked the board config.
Good news is that I managed to recover it. I don't have an ar430w handy right now, so I'll post the details to restore it when I get home. It's similar to the steps fluffy posted. (I saw it after I spend a good part of my sleeping hours figuring out the same thing) The gist of it is this:

1) Find the flash location of the board config. You can find this in the dd-wrt boot log of a good ar430w or dir300. it's the address of mtd\6. I think openwrt also has a copy up on their site.
2) Make a copy of /dev/mtd/6 from a good router.
3) Find the MAC addresses located in the previous file and change them to those of your router.
4) Load up the original ar430w redboot to your router.
5) fwrite the file from step 3 to the address from step 1.
6) flash to dd-wrt
Goto page 1, 2, 3, 4  Next Display posts from previous:    Page 1 of 4
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum