Broadcom CFE backup

From DD-WRT Wiki

(Difference between revisions)
Jump to: navigation, search
Revision as of 20:37, 3 March 2020 (edit)
Jeremywh7 (Talk | contribs)
m (add some info)
← Previous diff
Current revision (00:38, 4 March 2020) (edit) (undo)
Jeremywh7 (Talk | contribs)
m (fix syntax)
 
Line 2: Line 2:
=How to backup your CFE= =How to backup your CFE=
-In case of a bricked router due to bootloader (mtd 0) overwrite, or to make modifications, this guide shows how to backup and write the [http://www.linux-mips.org/wiki/Common_Firmware_Environment CFE] bootloader used in Broadcom devices. For a broken Linksys WRT54G/GL/GS CFE, try the [http://www.wlan-skynet.de/download/index.shtml Skynet repairkit] to make a new one. CFEs for these and other various models may also be found at [https://www.dd-wrt.com/phpBB2/viewtopic.php?t=151032 CFE collection project] and ([https://www.dd-wrt.com/phpBB2/viewtopic.php?t=25971 the "old" one]).+In case of a bricked router due to bootloader (mtd 0) overwrite, or to make modifications, this guide shows how to backup and write the [http://www.linux-mips.org/wiki/Common_Firmware_Environment CFE] bootloader used in Broadcom devices. For a broken Linksys WRT54G/GL/GS CFE, try the [http://www.wlan-skynet.de/download/index.shtml Skynet repairkit] to make a new one. CFEs for these and other various models may also be found at [https://www.dd-wrt.com/phpBB2/viewtopic.php?t=151032 CFE collection project] and [https://www.dd-wrt.com/phpBB2/viewtopic.php?t=25971 the "old" one].
There are several methods to backup the CFE (always open the CFE with a HEX editor to verify the contents): There are several methods to backup the CFE (always open the CFE with a HEX editor to verify the contents):
-==by web interface (preferred method)==+===by web interface (preferred method)===
CFE backup is easy via web browser (this works since svn8428, post-RC5): CFE backup is easy via web browser (this works since svn8428, post-RC5):
<pre>http://{router IP address}/backup/cfe.bin</pre> <pre>http://{router IP address}/backup/cfe.bin</pre>
Line 12: Line 12:
<pre>http://192.168.1.1/backup/cfe.bin</pre> <pre>http://192.168.1.1/backup/cfe.bin</pre>
-==by telnet/SSH==+===by telnet/SSH===
For non-micro builds, connect to the router via telnet or ssh (SSH must be enabled!) and enter the following: For non-micro builds, connect to the router via telnet or ssh (SSH must be enabled!) and enter the following:
<pre>dd if=/dev/mtd/0 of=/tmp/cfe.bin</pre> <pre>dd if=/dev/mtd/0 of=/tmp/cfe.bin</pre>
Line 23: Line 23:
*'''Note:''' "/user/cfe.jpg" points to "/tmp/www/cfe.jpg" *'''Note:''' "/user/cfe.jpg" points to "/tmp/www/cfe.jpg"
-''The same can be done for mtd/1 ''linux'' (firmware including kernel), mtd/2, mtd/3, and others.+The same can be done for mtd/1 ''linux'' (firmware including kernel), mtd/2, mtd/3, and others.
*Run ''`cat /proc/mtd`'' to see the mtd partitions. *Run ''`cat /proc/mtd`'' to see the mtd partitions.
-==by JTAG==+===by JTAG===
-this assumes you already have a [[JTAG-Adapter]] cable ready to use on your router, use the following command:+Connect a [[JTAG-Adapter]] cable to the router and use the following command:
<pre>wrt54g -backup:cfe</pre> <pre>wrt54g -backup:cfe</pre>
-you can do the same with the nvram, kernel, etc.+The same can be done with the ''nvram'', ''kernel'', etc.
=Restoring the CFE= =Restoring the CFE=
-''WARNING: Do not attempt to restore the CFE by telnet/SSH unless you know what you are doing and why you are doing it. If done incorrectly, this could render your router unbootable!''+<font color=red>'''WARNING:'''</font> ''Do not flash the CFE (mtd 0) by telnet/SSH unless the risk is understood, as this could render the router unbootable. Only JTAG or soldering a new flash chip could fix it from that point.''
-==by telnet/SSH==+===by telnet/SSH===
First copy the CFE file to the router's /tmp directory (e.g. using something like [[WinSCP]] or wget), then: First copy the CFE file to the router's /tmp directory (e.g. using something like [[WinSCP]] or wget), then:
mtd unlock cfe mtd unlock cfe
mtd write -f /tmp/cfe_new.bin cfe mtd write -f /tmp/cfe_new.bin cfe
-==by JTAG==+===by JTAG===
Use JTAG to restore the unit's CFE. For example: Use JTAG to restore the unit's CFE. For example:
- 
<pre>tjtag -flash:cfe</pre> <pre>tjtag -flash:cfe</pre>
-[[Category:Bootloaders]]+ 
-[[Category:jtag]]+[[Category:Bootloaders]][[Category:jtag]][[Category:Low-level settings]][[Category:Advanced tutorials]]
-[[Category:Low-level settings]]+
-[[Category:Advanced tutorials]]+

Current revision


Contents

[edit] How to backup your CFE

In case of a bricked router due to bootloader (mtd 0) overwrite, or to make modifications, this guide shows how to backup and write the CFE bootloader used in Broadcom devices. For a broken Linksys WRT54G/GL/GS CFE, try the Skynet repairkit to make a new one. CFEs for these and other various models may also be found at CFE collection project and the "old" one.

There are several methods to backup the CFE (always open the CFE with a HEX editor to verify the contents):

[edit] by web interface (preferred method)

CFE backup is easy via web browser (this works since svn8428, post-RC5):

http://{router IP address}/backup/cfe.bin

E.g. for the DD-WRT default IP address (192.168.1.1):

http://192.168.1.1/backup/cfe.bin

[edit] by telnet/SSH

For non-micro builds, connect to the router via telnet or ssh (SSH must be enabled!) and enter the following:

dd if=/dev/mtd/0 of=/tmp/cfe.bin
  • Or paste into Commands at the Administration->Commands tab (Diagnostics.asp) and click Run Commands.

Then get the cfe.bin file from the /tmp directory with FTP, SFTP or SCP (using, for example, WinSCP).

For micro builds there is a trick that can be used, that also works for non-micro builds:

cat /dev/mtd/0 > /tmp/www/cfe.jpg

Then point your browser to http://routerip/user/cfe.jpg and do a File->"Save Page/As" to cfe.bin to the local disk drive. The resulting file should be 256K in size for a cfe.bin file, but varies by router and model.

  • Note: "/user/cfe.jpg" points to "/tmp/www/cfe.jpg"

The same can be done for mtd/1 linux (firmware including kernel), mtd/2, mtd/3, and others.

  • Run `cat /proc/mtd` to see the mtd partitions.

[edit] by JTAG

Connect a JTAG-Adapter cable to the router and use the following command:

wrt54g -backup:cfe

The same can be done with the nvram, kernel, etc.

[edit] Restoring the CFE

WARNING: Do not flash the CFE (mtd 0) by telnet/SSH unless the risk is understood, as this could render the router unbootable. Only JTAG or soldering a new flash chip could fix it from that point.

[edit] by telnet/SSH

First copy the CFE file to the router's /tmp directory (e.g. using something like WinSCP or wget), then:

mtd unlock cfe
mtd write -f /tmp/cfe_new.bin cfe

[edit] by JTAG

Use JTAG to restore the unit's CFE. For example:

tjtag -flash:cfe