Wednesday, June 15, 2011

Debricking WRT54G v8

Objective: Regain WRT54G v8 router functionality.

Problem: Bricked after a bad dd-wrt flash.

Additional items: JTAG cable, 12-pin header, Tornado's TJTAG 3.0, TFTP.

Walkthrough:
[Methods]
Hard reset (30/30/30):
  1. Press and hold the reset button for 30 seconds.
  2. Keep holding the reset button, unplug the power cable from the router and hold for another 30 seconds.
  3. Keep holding the reset button, plug the power cable back in and hold for the last 30 seconds.
This resets the router to default settings and clears the NVRAM.
Default settings include resetting the LAN IP to 192.168.1.1, which will allow you to TFTP flash.

Installing Tornado's TJTAG:
  1. [tjtag-3.0.1.zip] ftp://dd-wrt.com/others/tornado/jtag/
    [tjtagx64-install.zip] http://www.dd-wrt.com/phpBB2/viewtopic.php?p=390360
  2. If your Windows is 32-bit, download the first file and extract it.
    Copy giveio.sys to /windows/system32/drivers/
    Execute loaddrv.exe, append giveio.sys and click Start. This will allow TJTAG to probe the serial bus.
  3. If your Windows is 64-bit, download the second file from the dd-wrt forum.
    Extract it, navigate to /InpOutBinaries_1200/Win32/ and execute InstallDriver.exe

Flash via TFTP :
  1. tftp 192.168.1.1
  2. >binary
  3. >rexmt 1
  4. >timeout 60
  5. >put dd-wrt.v24_micro_generic.bin
You should see something like: Sent 1769472 bytes in 3.4 seconds.
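
The session above (`binary`, `rexmt 1`, `timeout 60`, `put`) written out as a small RFC 1350 client, to show what each setting does on the wire: octet mode, a retransmit every second, and giving up on a packet after 60 seconds. This is an added example, not code from the original post or from dd-wrt; the function names are hypothetical, and it assumes `host` is an IP literal and the router answers TFTP at the default LAN IP.

```python
import socket, struct, time

OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 2, 3, 4, 5
BLOCK = 512  # RFC 1350 payload size per DATA packet

def wrq(filename, mode="octet"):
    """Write request; "octet" is the mode the client's `binary` command selects."""
    return struct.pack("!H", OP_WRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def data_blocks(image):
    """Yield (block_no, DATA packet); a final block under 512 bytes ends the transfer."""
    for n in range(len(image) // BLOCK + 1):
        chunk = image[n * BLOCK:(n + 1) * BLOCK]
        yield n + 1, struct.pack("!HH", OP_DATA, (n + 1) & 0xFFFF) + chunk

def send_until_acked(sock, packet, block_no, peer, rexmt, timeout):
    """Resend `packet` every `rexmt` seconds until ACK(block_no) or `timeout` seconds pass."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        sock.sendto(packet, peer)
        sock.settimeout(rexmt)
        try:
            reply, addr = sock.recvfrom(516)
        except socket.timeout:
            continue  # nothing heard (e.g. router still booting): retransmit
        if len(reply) < 4 or addr[0] != peer[0]:
            continue  # ignore runts and packets from other hosts
        op, num = struct.unpack("!HH", reply[:4])
        if op == OP_ERROR:
            raise IOError("TFTP error %d: %r" % (num, reply[4:-1]))
        if op == OP_ACK and num == block_no & 0xFFFF:
            return addr  # the server may answer from a new transfer port
    raise TimeoutError("no ACK for block %d within %ss" % (block_no, timeout))

def tftp_put(host, filename, image, port=69, rexmt=1.0, timeout=60.0):
    """Upload `image` and return the number of payload bytes acknowledged."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        peer = send_until_acked(sock, wrq(filename), 0, (host, port), rexmt, timeout)
        sent = 0
        for block_no, packet in data_blocks(image):
            send_until_acked(sock, packet, block_no, peer, rexmt, timeout)
            sent += len(packet) - 4
        return sent

if __name__ == "__main__":
    # Assumes the router is in its TFTP recovery state at the default LAN IP.
    name = "dd-wrt.v24_micro_generic.bin"
    with open(name, "rb") as fh:
        print("Sent %d bytes" % tftp_put("192.168.1.1", name, fh.read()))
```

Because the image size quoted above (1769472 bytes) is an exact multiple of 512, the transfer ends with an empty DATA block, which `data_blocks` emits.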

[Behavior]
First of all, check how your bricked router behaves. Connect to the router with an Ethernet cable and manually configure your connection with the last known working settings.
  • If you don't remember the settings, go to @Step 1.
  • If you are able to establish the connection, ping your router. If you get responses, go to @Step 13. If you don't get any response, do a 30/30/30 hard reset and try again; if that is unsuccessful, go to @Step 1.
[Steps]
  1. Solder the 12-pin header to your router.
  2. Connect the JTAG cable to the 12-pin header and to your computer's serial port.
  3. [Install TJTAG]
  4. Open CMD and navigate to the folder containing the tjtag executable.
  5. Run tjtag -probeonly; it should display info about your router. If it doesn't detect your flash chip, try running this command right after plugging the power into the router.
  6. Run tjtag -erase:wholeflash twice. If necessary, run it right after plugging in the power, as in the step above.
  7. Get the correct CFE.bin for your router from ftp://ftp.barryware.net/cfe%20collection%20project/ (user: dd-wrt, password: router).
  8. Rename it to CFE.bin if necessary and move it to the same folder that contains the tjtag executable.
  9. Run tjtag -flash:cfe /noemw /nocwd /noreset
  10. After it finishes, power cycle and do a 30/30/30 hard reset. The LEDs should be off.
  11. Connect via ethernet to your router.
  12. ping 192.168.1.1. If you get replies, it worked and you will be able to TFTP flash it.
  13. Search your router model at http://www.dd-wrt.com/site/support/router-database
  14. Download a TFTP utility and dd-wrt.v24_micro_generic.bin.
  15. [Flash via TFTP]
  16. Power cycle and do a 30/30/30 hard reset.
  17. Connect to 192.168.1.1; the dd-wrt management page should now appear. Change the user and password.
  18. Done.
