@HardReset: do you mean my computer's IP? I have set it fixed to 192.168.1.2.
By the way, I'm trying to back up the CFE and kernel by using: jtag -backup:cfe /fc:19 /noreset
but the process shows "fffffff fffffff fffffff" for each block; this happens for both CFE and kernel. Does that mean that the CFE is blank? How do I program it? I never used the command jtag -erase:cfe ..
Yep.. cfe is blank assuming your jtag setup is working.. I wonder how that happened
Sorry about being vague with the static thing.. The first thing to do is ping the router after erasing nvram & kernel. If the cfe is good, the router will respond. It is common for a user to forget to set a static IP in the rig. I do it all the time (forget).
Except for the flashchip being forced, your jtag setup sees the processor right.
If your cfe backup is all ff's, then you need to flash a cfe 1st.
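An added example, not part of the original posts: a small check that can be run over a saved backup file to tell an erased region (every byte 0xFF) from a constant-fill read that points at a wiring or read failure, and from a dump that still carries the CFE banner shown in the serial logs in this thread. The function name, the 64 KiB block size, the 256 KiB sample size and the assumption that the banner text is stored uncompressed in flash are all illustrative.

```python
import re

# Banner text as it appears in the serial logs quoted in this thread.
BANNER = re.compile(rb"CFE version (\d+\.\d+\.\d+)")

def classify_dump(data: bytes, block: int = 0x10000) -> dict:
    """Summarise a raw flash backup: erased blocks, constant fill, CFE banner."""
    if not data:
        return {"verdict": "empty-file", "erased_blocks": 0,
                "total_blocks": 0, "cfe_version": None}
    blocks = [data[i:i + block] for i in range(0, len(data), block)]
    # A block counts as erased only if every byte in it is 0xFF.
    erased = sum(1 for b in blocks if b.count(0xFF) == len(b))
    match = BANNER.search(data)
    version = match.group(1).decode() if match else None
    if erased == len(blocks):
        verdict = "blank"            # erased flash, or a data bus that reads all ones
    elif len(set(data)) == 1:
        verdict = "constant-fill"    # one repeated value: suspect the read, not the flash
    elif version:
        verdict = "cfe-present"
    else:
        verdict = "data-no-banner"   # content exists but no recognisable CFE banner
    return {"verdict": verdict, "erased_blocks": erased,
            "total_blocks": len(blocks), "cfe_version": version}

# Constructed sample dumps (not taken from a real router).
BLANK = b"\xff" * 0x40000
STUCK = b"\x00" * 0x40000
GOOD = (bytes(range(256)) * 16
        + b"CFE version 1.0.37 for BCM947XX (32bit,SP,LE)").ljust(0x40000, b"\xff")

if __name__ == "__main__":
    for name, dump in (("blank", BLANK), ("stuck", STUCK), ("good", GOOD)):
        print(name, classify_dump(dump))
```

A "blank" verdict alone does not distinguish an erased chip from a setup that reads all ones, which is why the reply above qualifies it with the JTAG setup working.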
I have 2 firmwares: the 1st firmware is Linksys 310N downloaded from somewhere (I forgot the web address), and the 2nd firmware is DD-WRT taken from this thread.
I am programming the kernel by using TFTP.
When loading the Linksys kernel, my router seems back to normal: web access is available with password protection, and ping response is normal.
Then I tried to erase the kernel and NVRAM and program it with the DD-WRT firmware.
After successfully loading the DD-WRT firmware, I did a 30/30/30 hard reset; after that the ping is unstable, the Power LED is blinking and the WIFI LED is lit. The ping response is still unstable, and I can't access the web pages or telnet.
Are you using a FW build that has 310N.bin in the name? It is required for the first flash, otherwise you will see what you describe.
redhawk
Yes, the file has that name.
By the way, I just captured the serial output from the chips and got the result below, and this is why the POWER LED is always blinking: the router always reboots because of a BUS Error when loading the kernel program. It seems like a flash storage problem when doing TFTP or a RAM problem when loading the firmware.
Quote:
CFE version 1.0.37 for BCM947XX (32bit,SP,LE)
Build Date: Thu Jan 3 14:20:25 CST 2008 (root@linux)
Copyright (C) 2000,2001,2002,2003 Broadcom Corporation.
Note. Cfe has 2 diff commands that are executed for tftp upgrade (boot wait). Both will take tftp transfer of file with right header, but only 1 will really flash the router.
To enter "real" upgrade mode, you must first press the reset button, keep it pressed and then plug in power. Observe ping response and start tftp.
Great work redhawk0. I have a 600n and am interested in this cisco console cable; when I was de-bricking mine last year someone mentioned it but I couldn't work out how it works.
Do you need to put an rs232 chip in between? Or is it simply plug and off you go??
Joined: 22 Jun 2008 Posts: 2440 Location: Am now Dark_Shadow
Posted: Thu Mar 04, 2010 1:20 Post subject:
Just recovered one of these bad boys via serial (the following also works on an Asus RT-N16)
**Modified Redhawk0 instructions**
1. Connect Serial cable
2. start a rapid fire Ctrl-C as you plug the router to power
1. nvram erase
2. flash -noheader : flash1.trx
3. but have tftp.exe ready
4. flash -noheader : flash1.trx starts the tftp daemon
5. Use Redhawk0's dd-wrt.v24_mini_wrt310N.bin
6. give it 5 minutes after it finishes
7. then power cycle....hard reset...then config
8. when it stops spitting out txt....hit the enter key...you should get a login prompt...at that point, power cycle it, hard reset...then config
9. you'll see it boot up _________________ The New Me
Hey guys/gals
I know this is an old thread but it seems to be exactly what I'm looking for.
Can someone give me a pinout and give me a run down of their setup?
I picked up a wrt310n v1 at a junk store for $3.50
I then brought it home and promptly broke it.
I wanted to load tomato shibby on it. I got it to take tomato-ND-1.28.5x-124-VPN ok, but the virtual wireless is very buggy to the point of basically not working, so I then tried to load up a K26 build tomato-K26-1.28.RT-MIPSR1-107-MiniVPN (only vpn k26 I could find that would fit)
But it soft bricked. In fact, even though shibby's site says this router will take a k26 build, none of them worked, even though tomatoanon says there are units out there running k26 builds.
Anyway, in the course of me testing various firmwares I accidentally flashed a MIPSR2 build via the WebUI.
So now it's hard bricked, power just keeps flashing, no ping, no tftp.
It's an old router, I only have 3.50 in it but I'd hate to junk it and also I feel like I need to fix it.
I need a bit of help getting started with Jtag though.
Years back I re-flashed a dead motherboard with a hobbled together printer cable and recovered resistors; the flash chip used SPI.
So this seems similar but a lot more complicated.
I need pinouts and setup advice, I'm gonna probably just buy a cable off ebay.
I already bought a security bit set from harbor freight (damn you linksys).
I've seen 3 connectors on the board.
JP3, 12pin, thru-hole
JB1, 6pin top/bottom, top marked 11 - 1, bottom 15 - 5.
JB2, 5pin, bottom, 5 - 1
Based on the pictures I guess JB1 is JTAG?
And JB2 is serial.. I assume we're talking rs232 for console? Not SPI?
JP3 is unknown?
DHC mentioned flashing via serial? I'm a little confused on the procedure of that, but will that still work even in my situation with a bad kernel?
Going in via serial would be easier I'd think, less wires.
If I go the jtag route is serial still necessary? You can see status via jtag, right? I'm just looking to de-brick this thing.. If I get it running again I'm just gonna load up a k24 build that I know works (-V-AP) and be happy.
Any advice you guys can give on how to get started with this I'd appreciate. I've been trying to read up on Jtag, seems like there is a lot of variance in its pinouts and such.
Also with Jtag would I want to power the unit up normally or do you supply power to the jtag interface? I know when I reprogrammed that mobo flash chip with spi I had to supply it with 3.3v (mobo off)
See the peacock announcement note 6 and all relevant links in it. _________________ SIG:
I'm trying to teach you to fish, not give you a fish. If you just want a fish, wait for a fisherman who hands them out. I'm more of a fishing instructor.
LOM: "If you show that you have not bothered to read the forum announcements or to follow the advices in them then the level of help available for you will drop substantially, also known as Murrkf's law.."
See the peacock announcement note 6 and all relevant links in it.
OK, I'm fairly certain it is hard bricked.
Seems like serial is the way to go for a reflash.. assuming the bootloader is intact.
Cheaper, less complex, and less work.
The question is what are the odds my bootloader is intact?
I cannot get a ping out of it; is it possible I'd be able to flash over serial? I read the bootloader is usually protected from bad firmware flashes, but I also read the bootloader is responsible for recovery when flashing over TFTP.. which is no longer working.
So is it possible that it will no longer offer ping responses or TFTP but still be accessible via serial?
Should I try the serial route or go for the more complicated Jtag flash?
I cruised ebay and found some cheap USB -> TTL boards.
The PL2303 is well known but apparently problematic, with wonky drivers.
http://www.ebay.com/itm/331529699010
I'm currently leaning towards this ch340g board
http://www.ebay.com/itm/271751638102
It has extra pins for CTS, DTR, and switch selectable 5/3.3v VCC. Although neither of those things should be needed for my purpose, it seems like a nicer board than the other 2, and also I read it's become a popular chip for Arduino.
Any suggestions?
Only thing is it's coming from china.. could be up to a 6 week wait, that kinda sucks but I don't urgently need the router, I just wanna fix it.
Unless you issued some heavy duty commands it is likely your cfe is intact and serial will work, even though you are not getting responses through the lan cable.
Unless you issued some heavy duty commands it is likely your cfe is intact and serial will work, even though you are not getting responses through the lan cable.
I didn't. This final brick happened via webUI flash/upgrade coming from a 2.4 kernel build of tomato "tomato-ND-1.28.5x-124-VPN" to a 2.6 kernel build for MIPSr2.
So I'm not sure what procedure it does; I'm assuming it doesn't touch the CFE. If I had to guess it's in some sort of boot loop since I accidentally flashed a MIPS R2 build instead of R1. Although I never got any of the Shibby K26 R1 builds working either, at least I could recover from them with TFTP.
I went ahead and ordered the ch340g serial board.
I'm thinking about getting a jtag cable just as a backup in case serial doesn't work; I can probably use it later down the road.
Do you know if the Altera USB Blaster clones work for this purpose? Or should I stick with an LPT cable?
I've got a laptop with a printer port but they're becoming extinct so USB is more accessible.
CPE was intact. The USB/Serial board came today (pretty fast from china). Worked like a dream.
My router must be a bit older: the CPE was dated nov 07. I noticed the log that was posted earlier in the thread had a date of Jan 08
Quote:
CFE version 1.0.37 for BCM947XX (32bit,SP,LE)
Build Date: Wed Nov 28 17:23:03 CST 2007 (root@linux)
Copyright (C) 2000,2001,2002,2003 Broadcom Corporation.
Anyone else notice the router claims it has IDE and USB? Has anyone explored either of those options?
Could USB be on JP3? Or is the router lying?
Can anyone tell me the correct newest dd-wrt build with VPN support to load on to this?
The only one I know that works is the mini one posted in this thread and it's from 2010.
I'd like to get a firmware running that can handle virtual AP; tomato shibby k24 builds choke with VAP.
The MIPSr1 k26 builds, I'm thinking, have driver issues or something. With the serial console up I could see it was having trouble with et1 (lan); eth0 wifi was recognized but never comes up either.
So I'm hoping I can find a DD-WRT build that can properly handle VAP and VPN.
Now read the rest of the peacock announcement. Any further questions should be in a new thread, not this necroed recovery thread.