Tuesday, September 18, 2018

Flashing a Router via the Serial Port: the preferred way to flash firmware on any router

There are several ways to flash a router, but flashing through the router's serial port is the preferred one.  Because you are talking to the bootloader directly over its CLI (command line), you see immediately what is going on and whether the flash succeeded or not.

The last two posts describe part of the preparation; I will not repeat it in this post.

1. You will need a TFTP server running on the computer you are using to flash the router.  Please go through this post to see how to set up tftpd:

http://router-mod.blogspot.com/2018/09/the-easy-way-out-easy-flashing-without.html

For Linux (which I use) you can use tftpd-hpa.  On Arch/Manjaro its config file is /etc/conf.d/tftpd; mine looks like this (-c lets the router upload files into the directory, which the CFE "save" backups later in this post need; --secure chroots the server into /srv/gtftp/, so file names are given relative to that directory):
TFTP_ADDRESS="0.0.0.0:69"
TFTPD_ARGS="-c -vvvv --secure /srv/gtftp/"

For Windows, the URL above explains how to set up a TFTP server.

2. You will also need a serial/UART TTL converter to send commands to the router and read its console output.  The previous post has the complete details on how to do that; the link is here:

http://router-mod.blogspot.com/2018/09/router-serial-or-uart-port-how-to-find.html

Now connect the serial port just like the last two images in the post linked above (not reposted here).

On Windows use PuTTY; on Linux use screen or minicom (I use minicom).  During the router's boot two pieces of software load in turn.  First comes the bootloader: on Atheros based routers it is usually U-Boot, on Broadcom based routers it is CFE (Common Firmware Environment).  The bootloader initializes the hardware, sets up the hardware parameters, then loads the actual firmware and hands control to it.

We are replacing the firmware provided by the router vendor with custom firmware, i.e. OpenWrt, DD-WRT or Tomato.  So we need the bootloader to halt before it boots the firmware and wait for our commands at its CLI, which is only reachable over the serial/UART console.  On Linux open a terminal, connect the UART-to-serial adapter/converter (CP210x etc.) and start minicom.  On Windows start PuTTY and connect it to the serial port.  To halt the bootloader before it boots the existing vendor firmware, do the following:

1. Atheros / QCA-Atheros U-Boot: on Atheros SoC based routers U-Boot will likely be your bootloader.  To halt it at its CLI you have to be alert: it shows a boot wait of about 1 second, and on a TP-Link router you have to type "tpl" and hit Enter very fast.  I could manage it maybe once in every 4 or 5 boots.  So I programmed minicom to send "tpl" followed by Enter automatically at startup.  As soon as I power on the router I start minicom, it sends 'tpl' to the router, and this way I get the bootloader prompt every time I switch the router on.


In the image above, U-Boot is waiting for commands after "tpl".

Your boot prompt will likely be different, e.g. "ap143>" or "ap121>" for TP-Link routers with the vendor-supplied bootloader.

Meanwhile you must download the firmware for your router.  For OpenWrt, go here and download the image file for your exact model:


For DD-WRT, go here:

In case the flash is not successful, or you wish to revert to the vendor firmware, you should download the firmware from the vendor site; for TP-Link it should be here:


Special Note:
Please back up your current firmware before you flash anything.  Since that is not practical from the U-Boot CLI, get a copy of the latest firmware for your model from the vendor site, as mentioned above.  If you have a TP-Link router and the downloaded file name contains "boot", the image includes the bootloader and you need to strip it with dd on Linux:
you will need to strip out the first 0x20200 bytes (131584 bytes), i.e. 257 blocks of 512 bytes,
dd if=orig.bin of=tplink.bin skip=257 bs=512 (dd is a Linux command line tool)
or download a stripped image from here:


Note: you can contact me or leave a message and I will get you a stripped image if required.
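The dd command above, wrapped in a small check so you notice a wrong input before you flash it.  This is an added example, not from the original post: the prefix size (0x20200 = 257 x 512 bytes) and the dd invocation are the post's, while the function names and the size checks are this example's own.  It refuses an input that is too small to contain the prefix (a sign you downloaded a non-"boot" image, which must not be stripped) and verifies that the output is exactly the input minus 131584 bytes.

```shell
#!/bin/sh
# Added example (not from the original post): strip the 0x20200-byte
# bootloader+header prefix from a TP-Link "boot" firmware image, with
# size checks before and after.

# Prefix the post tells us to remove: 0x20000 (128 KiB of U-Boot) +
# 0x200 (512-byte TP-Link image header) = 131584 bytes.
TPLINK_BOOT_PREFIX=131584     # 0x20200
DD_BLOCK=512                  # dd block size used by the post
TPLINK_SKIP_BLOCKS=$((TPLINK_BOOT_PREFIX / DD_BLOCK))   # 257

file_size() {
    # POSIX way to get a file's size in bytes (stat -c is GNU-only).
    wc -c < "$1" | tr -d ' '
}

strip_tplink_boot() {
    # usage: strip_tplink_boot orig.bin tplink.bin
    in=$1; out=$2
    in_size=$(file_size "$in")
    # Refuse a file that cannot even contain the prefix: that is a
    # non-"boot" image, and stripping it would destroy the firmware.
    if [ "$in_size" -le "$TPLINK_BOOT_PREFIX" ]; then
        echo "$in: only $in_size bytes, nothing to strip (not a 'boot' image?)" >&2
        return 1
    fi
    # The post's command: skip 257 blocks of 512 bytes = 0x20200 bytes.
    dd if="$in" of="$out" bs="$DD_BLOCK" skip="$TPLINK_SKIP_BLOCKS" 2>/dev/null || return 1
    # Verify: output must be exactly input minus the prefix.
    out_size=$(file_size "$out")
    expected=$((in_size - TPLINK_BOOT_PREFIX))
    if [ "$out_size" -ne "$expected" ]; then
        echo "$out: got $out_size bytes, expected $expected" >&2
        return 1
    fi
    printf '%s: %d bytes (0x%x) ready for tftpboot/cp.b\n' "$out" "$out_size" "$out_size"
}

if [ $# -eq 2 ]; then strip_tplink_boot "$1" "$2"; fi
```

Run it as `sh strip.sh orig.bin tplink.bin`; the hex size it prints is the length you will need for the erase and cp.b commands further down.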

Now copy your desired firmware file into the TFTP server directory on your computer; in my case the tftpd directory is /srv/gtftp (the one given in the config above), so I copy the file there.

Connect your router to your computer with a UTP cable, directly into any of the LAN ports or the WAN port.  At this point you must also set the IP addresses of the router and of the computer manually.  Go into your IP settings, choose a subnet and set it up like this:
I chose the subnet 192.168.100.x, so my computer's settings were:
IP: 192.168.100.100, subnet mask: /24 aka 255.255.255.0, gateway: my router, i.e. 192.168.100.10 (my pre-determined router IP).

Notice that in the image above I selected a subnet and set up IPv4 manually; in Linux's Network Manager the method is "Manual", and Windows has a similar manual IP setting.

At this point, if you are on Windows, turn off the Windows firewall so the router can reach the TFTP server on your computer.  On Linux turn off the firewall like this:
Check whether the firewall is enabled with systemctl status ufw; if it is enabled (green), then
a. systemctl disable ufw
b. systemctl stop ufw
This disables ufw (the Linux firewall) completely.  A less drastic alternative is to leave it on and allow only inbound UDP port 69 from the router's address; either way, remember to turn the firewall back on once the flash is done.

Now set up the router from the bootloader CLI over the serial port (U-Boot or CFE).
Old (vendor default) U-Boot,
(I'm using the x.x.100.x subnet):
set serverip 192.168.100.100
set ipaddr 192.168.100.10
If it is the newer U-Boot from pepe's repo, then:
setenv serverip 192.168.100.100
setenv ipaddr 192.168.100.10

Now verify that the IP addresses are set correctly with:
printenv

Now check that the computer and the router can reach each other:
1. ping 192.168.100.10 from the computer (check that the router answers; U-Boot also has a ping command of its own, so you can ping the server's address from the U-Boot prompt as well)
If connected you will see something like this:

gfx:/etc/conf.d$ ping 192.168.100.10
PING 192.168.100.10 (192.168.100.10) 56(84) bytes of data.
64 bytes from 192.168.100.10: icmp_seq=1 ttl=64 time=0.368 ms
64 bytes from 192.168.100.10: icmp_seq=2 ttl=64 time=0.265 ms
64 bytes from 192.168.100.10: icmp_seq=3 ttl=64 time=0.282 ms
64 bytes from 192.168.100.10: icmp_seq=4 ttl=64 time=0.393 ms
^C

If not connected, reseat the cable and try the ping again.

If it is connected, then:

2. tftpboot 0xa0800000 tftp-boot-file (your DD-WRT/OpenWrt image, by its file name in the TFTP directory)

Example:

ar7240> tftpboot 0x80000000 openwrt-ar71xx-generic-tl-wr841n-v8-squashfs-factory.bin
Using eth0 device
TFTP from server 192.168.1.100; our IP address is 192.168.1.111
Filename 'openwrt-ar71xx-generic-tl-wr841n-v8-squashfs-factory.bin'.
Load address: 0x80000000
Loading: checksum bad
#################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         #################################################################
         ######################################################
done
Bytes transferred = 3932160 (3c0000 hex)
With the command above you have loaded the new firmware image into the router's RAM.  Note that the example loaded to 0x80000000 while the commands in this post use 0xa0800000; whichever RAM address you load to, the same address must be given as the source of cp.b below.

Now erase the router's current firmware from the flash:
3. erase 0x9f020000 +0x3c0000

Please note that "+0x3c0000" is not an address but the length to erase, and it is taken from the size reported after loading the image into RAM, i.e. "Bytes transferred = 3932160 (3c0000 hex)".  0x9f020000 is where the firmware starts, right after the 128 KiB of U-Boot at the beginning of the flash.  On the 4 MB TP-Link devices used here the ART partition, which holds the radio calibration data, occupies the last 64 KiB at 0x9f3f0000; never erase or write past it, or the wireless will be dead with no backup to restore.

Now copy the RAM contents to flash:
4. cp.b 0xa0800000 0x9f020000 0x3c0000

Now boot the router with the newly written OpenWrt image (in this case):
5. bootm 0x9f020000

If the boot is successful you will be greeted with messages similar to the following (on the serial console or via SSH):
====================================================

BusyBox v1.25.1 () built-in shell (ash)                                         
     _________                                                                  
    /        /\      _    ___ ___  ___                                          
   /  LE    /  \    | |  | __|   \| __|                                         
  /    DE  /    \   | |__| _|| |) | _|                                          
 /________/  LE  \  |____|___|___/|___|                      lede-project.org   
 \        \   DE /                                                              
  \    LE  \    /  -----------------------------------------------------------  
   \  DE    \  /    Reboot (17.01-SNAPSHOT, r3909-b6a1f43075)                   
    \________\/    -----------------------------------------------------------  
=== WARNING! =====================================                              
There is no root password defined on this device!                               
Use the "passwd" command to set up a new password                               
in order to prevent unauthorized SSH logins.                                    
--------------------------------------------------                              
root@LEDE:/# 
===================================================

If you find yourself in a boot loop, or the new firmware does not boot, please do not panic.  You can go back to the original firmware if you made the backup mentioned earlier, or if you have a stripped original firmware file from the vendor site.

Use the same commands as above to reflash and get back to a working original firmware:
1. ping 192.168.100.10 (check that the link is up)
2. tftpboot 0xa0800000 wr841nv3-3169-160612.bin (your downloaded, stripped TP-Link firmware file)
3. erase 0x9f020000 +0x3c0000 (the length must be the size tftpboot reports for this file; 0x3c0000 is the value from the example above)
4. cp.b 0xa0800000 0x9f020000 0x3c0000 (copy the RAM contents to the flash chip, same length)
5. bootm 0x9f020000 (boot the router into the newly flashed image)
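The flash sequence above, both for the new image and for the recovery to the vendor image, has one value that must be correct in three places: the image length after tftpboot, erase and cp.b.  The following added example (not from the original post) computes it from the file on the TFTP server, checks that the image will not reach the ART partition, and prints the U-Boot commands.  The layout it assumes is the 4 MB TP-Link one (flash at 0x9f000000, U-Boot in the first 0x20000 bytes, ART in the last 64 KiB at 0x3f0000) and the 0xa0800000 load address from the post; the function names are this example's own, and you should confirm the layout against /proc/mtd or the boot log of your own device.

```shell
#!/bin/sh
# Added example (not from the original post): given a firmware image,
# compute the exact length U-Boot needs and print the tftpboot/erase/
# cp.b/bootm sequence, refusing images that would overwrite ART.
#
# Layout assumptions (4 MB TP-Link devices such as the TL-WR841N):
#   flash mapped at 0x9f000000, U-Boot in the first 0x20000 bytes,
#   firmware from 0x9f020000 up to the ART partition at 0x9f3f0000.
FLASH_BASE=0x9f000000
FIRMWARE_OFFSET=0x20000
ART_OFFSET=0x3f0000
LOAD_ADDR=0xa0800000          # RAM address used by the post's tftpboot

image_size() {
    wc -c < "$1" | tr -d ' '
}

firmware_fits() {
    # usage: firmware_fits <size-in-bytes>; true if the image ends before ART
    [ "$(( $1 + FIRMWARE_OFFSET ))" -le "$(( ART_OFFSET ))" ]
}

uboot_flash_plan() {
    # usage: uboot_flash_plan image.bin   (same file name as in the TFTP dir)
    img=$1
    size=$(image_size "$img")
    name=$(basename "$img")
    if ! firmware_fits "$size"; then
        printf 'REFUSING: %s is %d bytes; 0x%x + 0x%x ends at 0x%x, past ART at 0x%x\n' \
            "$name" "$size" "$((FIRMWARE_OFFSET))" "$size" \
            "$((FIRMWARE_OFFSET + size))" "$((ART_OFFSET))" >&2
        return 1
    fi
    fw_addr=$((FLASH_BASE + FIRMWARE_OFFSET))
    # The same length appears three times: what tftpboot reported, what
    # erase clears and what cp.b copies. U-Boot rounds the erase up to
    # whole flash sectors by itself.
    printf 'tftpboot 0x%x %s\n' "$((LOAD_ADDR))" "$name"
    printf 'erase 0x%x +0x%x\n' "$fw_addr" "$size"
    printf 'cp.b 0x%x 0x%x 0x%x\n' "$((LOAD_ADDR))" "$fw_addr" "$size"
    printf 'bootm 0x%x\n' "$fw_addr"
}

if [ $# -eq 1 ]; then uboot_flash_plan "$1"; fi
```

Run it against the file in /srv/gtftp before you type anything at the U-Boot prompt; for the 3932160-byte image from the example above it prints exactly the erase 0x9f020000 +0x3c0000 and cp.b lines used in this post, and for a vendor image of a different size it prints that image's own length.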

For information about the current boot environment variables you can do:

6. printenv
U-Boot will print all the variables in its environment.

Both U-Boot and CFE have a help command:
7. help
It lists all the commands available to you.
For most U-Boot/CFE versions:
7a. help <command>, e.g. help ifconfig, shows how to use that command.

Note: on some routers you have to note down your hardware (MAC) address, as flashing may change it; if so, change it back to the original afterwards.  It is also printed on the sticker on the back of the router.

If you have successfully flashed OpenWrt, the first thing to do is back up the current flash contents, i.e. the OpenWrt firmware as well as the bootloader (u-boot) and the ART partition, like this:

cat /proc/mtd (check which mtd number is art, which is u-boot and which is firmware; the numbers below are from my router and may differ on yours)
cat /dev/mtd0 > /tmp/uboot_backup.bin
cat /dev/mtd4 > /tmp/art_backup.bin
cat /dev/mtd5 > /tmp/firmware_backup.bin

Another way (online, from within the running firmware, also for images that include the bootloader):
ls /dev/ (verify that mtd4 is art and mtd0 is u-boot)
dd if=/dev/mtd4 of=/tmp/art_back2.bin  (art backup)

Note: you need to copy these backups, e.g. art_back2.bin, to your computer with scp (see below for how); /tmp on OpenWrt lives in RAM and is lost at the next reboot.
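The mtd numbers in the two backup recipes above are the ones on my router; on another device or OpenWrt version "art" may well be a different mtdN.  The following added example (not from the original post) resolves the partitions by name from /proc/mtd and checks each copied backup against the size /proc/mtd reports, so a short read (for example because /tmp filled up) is caught before you trust the file.  The /proc/mtd sample in it is constructed for this example, using a typical 4 MB TP-Link layout; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): look up MTD partitions by
# NAME in /proc/mtd instead of hard-coding mtd0/mtd4/mtd5, then back up
# u-boot, art and firmware and verify the byte counts.
#
# Constructed sample of /proc/mtd (typical 4 MB TP-Link layout), used by
# the functions only when a file is passed in place of the real /proc/mtd.
SAMPLE_PROC_MTD='dev:    size   erasesize  name
mtd0: 00020000 00010000 "u-boot"
mtd1: 00100000 00010000 "kernel"
mtd2: 002d0000 00010000 "rootfs"
mtd3: 00120000 00010000 "rootfs_data"
mtd4: 00010000 00010000 "art"
mtd5: 003d0000 00010000 "firmware"'

mtd_by_name() {
    # usage: mtd_by_name <name> [proc-mtd-file]   -> prints e.g. mtd4
    # The name column in /proc/mtd is quoted, so match with the quotes.
    name=$1; src=${2:-/proc/mtd}
    awk -v want="\"$name\"" '$4 == want { sub(":", "", $1); print $1; found=1 }
                            END { exit !found }' "$src"
}

mtd_size() {
    # usage: mtd_size <name> [proc-mtd-file] -> partition size in bytes
    name=$1; src=${2:-/proc/mtd}
    hex=$(awk -v want="\"$name\"" '$4 == want { print $2 }' "$src")
    [ -n "$hex" ] || return 1
    echo $((0x$hex))
}

backup_partitions() {
    # usage: backup_partitions <dest-dir> [proc-mtd-file]
    # Copies each partition with dd and compares the byte count with
    # /proc/mtd. /tmp is RAM-backed: scp the files off the router at once.
    dest=$1; src=${2:-/proc/mtd}
    for part in u-boot art firmware; do
        dev=$(mtd_by_name "$part" "$src") || { echo "no partition named $part" >&2; return 1; }
        dd if="/dev/$dev" of="$dest/${part}_backup.bin" bs=65536 2>/dev/null || return 1
        got=$(wc -c < "$dest/${part}_backup.bin" | tr -d ' ')
        want=$(mtd_size "$part" "$src")
        [ "$got" -eq "$want" ] || { echo "$part: copied $got of $want bytes" >&2; return 1; }
        echo "$part -> $dest/${part}_backup.bin ($got bytes from /dev/$dev)"
    done
}

if [ $# -eq 1 ]; then backup_partitions "$1"; fi
```

On the router itself run it as `sh backup.sh /tmp`, then scp the three files to your computer before rebooting.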

After flashing you need to upgrade OpenWrt to the sysupgrade image:
1. ssh root@192.168.1.1 (whichever IP it has now; OpenWrt starts with 192.168.1.1 or 192.168.0.1)
1b. Change the password first: issue the passwd command and set a password of your liking.
1c. Then reboot the system.

Then copy the upgrade file to the tmp dir:
scp /srv/gtftp/lede-ar71xx-generic-tl-wr841-v12-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/

sysupgrade /tmp/lede-ar71xx-generic-tl-wr841-v12-squashfs-sysupgrade.bin

sysupgrade writes the image and reboots the router.
At this point you should be connected to the internet; if not, you will need to configure the connection via the web interface or the command line (web preferred).

Issue opkg update
Issue opkg install luci (if you did not add LuCI at compile time, or are using a prebuilt image without LuCI)
Issue /etc/init.d/uhttpd enable
/etc/init.d/uhttpd start
Then go to 192.168.1.1 in your web browser, change the router's IP to 192.168.x.x (whatever subnet you prefer) and reboot.

2. Broadcom CFE: if the router has a Broadcom SoC (system on chip) you will likely have CFE as the bootloader.  Switch the router on while holding Ctrl-C (the Control and C keys) pressed; the bootloader will stop before booting the existing firmware and drop to its CLI/command prompt.

Please note that all these Broadcom routers use .trx files with no extra headers; to flash from the serial console I used the following sequence of commands.

NOTE: press and hold Ctrl-C right before switching the router on to get into CFE!

I had set up a tftpd-hpa TFTP server on my Arch Linux box at 0.0.0.0:63 (I use it for many other flashing jobs).

ifconfig eth0 -addr=192.168.1.11 -mask=255.255.255.0 -gw=192.168.1.4 -dns=192.168.1.4 

This gives CFE the address 192.168.1.11, with the TFTP server at 192.168.1.4 (also entered as gateway and DNS).  I connected the router to my computer through any of the LAN ports.

nvram erase 

flash -noheader 192.168.1.4:tomato-K26USB-1.28.9999MIPSR2RAF-TendaN6.trx flash1.trx 

Then just type reboot at the CFE command prompt.
After it boots up,
run nvram erase again and reboot to get a fresh, clean Tomato install.
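CFE's flash -noheader trusts whatever file it fetches, so it is worth confirming that the file really is a bare .trx before you erase NVRAM and flash it.  The following added example (not from the original post) checks the two header fields that catch the common mistakes: the "HDR0" magic (a file with a vendor header in front of the TRX will fail this, and must not be flashed with -noheader) and the 32-bit little-endian total length at offset 4, which must equal the file size (otherwise the download is truncated or the file is not a TRX at all).  The 28-byte TRX header layout is the standard one; the function names and the sample image are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a .trx image
# before handing it to CFE's "flash -noheader".
# TRX header (28 bytes): magic "HDR0", total length (32-bit LE, header
# included), CRC32, version/flags, three partition offsets.

le32_at() {
    # usage: le32_at <file> <offset> -> decimal value of 4 little-endian bytes
    # od -tu1 prints one byte per field, so host byte order does not matter.
    set -- $(od -An -tu1 -j "$2" -N 4 "$1")
    [ $# -eq 4 ] || return 1
    echo $(( $1 | ($2 << 8) | ($3 << 16) | ($4 << 24) ))
}

trx_check() {
    # usage: trx_check image.trx ; prints "ok <bytes>" or a reason and fails
    img=$1
    magic=$(dd if="$img" bs=1 count=4 2>/dev/null)
    if [ "$magic" != "HDR0" ]; then
        echo "$img: no HDR0 magic; not a bare TRX (do not flash it with -noheader)" >&2
        return 1
    fi
    declared=$(le32_at "$img" 4) || return 1
    actual=$(wc -c < "$img" | tr -d ' ')
    if [ "$declared" -ne "$actual" ]; then
        echo "$img: header says $declared bytes but the file is $actual (truncated download?)" >&2
        return 1
    fi
    echo "ok $actual"
}

if [ $# -eq 1 ]; then trx_check "$1"; fi
```

Run it on the file in the TFTP directory, e.g. `sh trxcheck.sh tomato-K26USB-1.28.9999MIPSR2RAF-TendaN6.trx`, and only proceed with nvram erase and flash once it prints ok.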

To back up CFE and the flash contents from within CFE (I have given these instructions before; they are easy to find if you look closely enough), e.g.:

save 192.168.1.4:fh305.cfe BC000000 20000 

CFE size = boot partition size = 131072 bytes (0x20000).
Total ROM size is 1048576 bytes = 0x100000 (1 MB).
So, for the whole ROM:
save 192.168.1.4:fh305full.bin BC000000 100000

The Tenda FH305 only has port IDs starting from vlan1, and Tomato sets vlan1 as WAN, which is wrong for this router (it expects vlan0 for the LAN ports).  All I did was set vlan1 to the LAN ports and vlan2 to WAN, of course adding the CPU port (5) to both lists, which is also different from most other routers.

To configure the VLANs for the Tenda FH305 in Tomato I used these commands:

nvram set vlan1ports="1 2 3 5" 
nvram set vlan2ports="0 5" 
nvram set vlan0ports="" 
nvram set manual_boot_nv=1 
nvram commit 
reboot

============================================================
My Profession: by trade I'm a Software Engineer.  But I love trading currencies on the Forex markets, mostly EURUSD.  So I needed a reliable and dependable router setup, which I think OpenWrt or Tomato can provide together with a good ISP.  I trade with reputable international Forex brokers.

To learn how to do Forex trading go here: Forex Trading: My regular source of income

For signals on EURUSD go here: My Forex Trading Journal

7 comments:

  1. This comment has been removed by the author.

  2. It is somewhat fantastic, and yet check out the advice at this treat. wireless router

  3. Okay great . Which Internet broadband is best? Fibrus Newcastle

  4. My router has a bad update and now CFE couldn't load any eth interfaces, so I can't get any TFTP... Any ideas?
  5. I have a Netgear WAP 720 access point. Its firmware is restricted: it must be controlled by a wireless controller, which is dead. I would like to change the firmware via the console with the firmware offered by Netgear. I have access to the console. Do you think you can help me? Thank you in advance. Vlad, Romania