Thursday, July 5, 2007

Recovering the Linksys WRT54G

Many people have probably tried modifying the Linksys WRT54G to turn it into something other than the Linksys router (*ahem*) ;-). Perhaps yours is just dead due to a bad flashing process. Because of the way firmware is transferred via TFTP, and sometimes simply because of bad firmware, there is a reasonable chance someone will end up with a brick instead of whatever it was supposed to be. We almost lost our beloved WRT54G, but thank goodness we managed to bring it back from the dead. So we want to share our near-death experience with you.
Disclaimer: We take no responsibility for any damage you may do to your router, directly or indirectly as a result of following what we've outlined here. We also take no responsibility for what you may do with your router if you do manage to save its soul. Do not engage in illegal acts with your router.
Ok, let's get on with it.

Many people have probably ignored the set BOOTWAIT=ON instruction because they didn't think the firmware would fail in the first place. Well, if it was done in the first place, it will come in very handy in situations like this. When the firmware fails, the WRT54G still allows you to flash the firmware at boot time. The router will not need to be taken apart and no shorting of circuits will be required. In fact, you can safely skip the next few paragraphs to where we get on with flashing the unit.

If you're reading this, perhaps you're one of those who have not heeded the warning to set BOOTWAIT=ON. Welcome to the hard part. Firstly, you will need some tools before you begin. You will need a very small screwdriver or metallic point capable of conducting electricity. In addition, you will need a magnifying lens, a microscope or, in our case, just one side of a pair of binoculars.



Next you will need to turn the screws and remove the 2 antennas at the back. For those who have modified or replaced antennas before, this is the same procedure. It's fairly simple, just unscrew.



Now get ready to void your warranty. You will need to remove the blue cover plate. Hold the router firmly, then press and pull it out. You will quite likely break the warranty sticker in the process. This is how things look after removing the blue cover plate.



Now you need to put the blue cover plate aside and open up the rest of the box. The whole black plastic casing can be removed as shown in the next picture.


You will need to identify the back part of the circuit board. Namely, you need to know which is the reset button, which are the 4 UTP connectors and which is the power plug.




There is one more thing you need to identify, and it's on the circuit board: the Intel firmware chip. For the version we tested on, the pins to short are 15 and 16. Other versions may require shorting different pins. This is where you need the magnifying lens.


And if you had BOOTWAIT=ON, this is where you will come in and join the rest of the article.
Before you short the pins, you will need to start your laptop or PC and connect a UTP LAN cable to your router via one of the 4 ports. You will need to open up 2 console windows, one of them running TFTP and the other running ping. You can do this in Windows or Linux, but the specific commands may vary. We used Linux in our test and we set ping to go on for a very long time with ping -n 9999 192.168.1.1. As for TFTP, you will need to have at least the following commands ready:

tftp 192.168.1.1
>binary
>rexmt 1
>put <firmware file>    ( type the filename of the firmware image, but do not press [Enter] yet )

If you had BOOTWAIT=ON set, all you need to do is to power up your router. Once you see that the ping works, press [Enter].

If not, this is the tricky part. There are reports that you can get the firmware chip to go into failsafe mode by shorting the circuit and then plugging in the power. We did not manage to get that to work. However, what we did was much more dangerous. We powered up the router, used the magnifying glass, and inserted the screwdriver between pins 15 and 16. Lightly twist it so that it touches and shorts the 2 pins. The ping will take a few more seconds to kick in; get ready to press [Enter].

Some may get lost at this point and not know what to expect on the TFTP side. So did we. If your TFTP console is not saying anything about ACK accepted, it did not work. If it says that but is too slow to complete the transfer, you have probably forgotten to set rexmt 1. What you should see is ACK accepted and lots of transfers in a short time. It takes only a few seconds to complete. If you get that going, congratulations. You can press the reset button on the router now.
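The two-console routine above (ping until the router answers, then push the image over TFTP with binary mode and rexmt 1 before the boot window closes) can be scripted so the [Enter] timing is no longer up to your reflexes. This is an added example, not from the original post; it assumes a POSIX sh, a Linux iputils ping (the -W flag), the classic tftp client that reads its commands from stdin, and the router at 192.168.1.1.

```shell
#!/bin/sh
# Added example: automate "wait for ping, then tftp put" for a WRT54G
# rescue. Assumptions: POSIX sh, Linux iputils ping (-c/-W), and a tftp
# client that accepts binary/rexmt/put on stdin. Not the post's own code.

ROUTER="${ROUTER:-192.168.1.1}"

# The exact command sequence the post has you type by hand: binary mode,
# retransmit every second, put the image, quit.  $1 = firmware image path.
tftp_script() {
    printf 'binary\nrexmt 1\nput %s\nquit\n' "$1"
}

# Poll with single pings until one is answered (failsafe window open).
# $1 = host, $2 = max attempts.  Returns 0 on reply, 1 if it never came.
# PING_CMD can be overridden (assumption for testing without a router).
wait_for_ping() {
    host="$1"; tries="${2:-600}"; i=0
    while [ "$i" -lt "$tries" ]; do
        if ${PING_CMD:-ping -c 1 -W 1} "$host" >/dev/null 2>&1; then
            return 0
        fi
        i=$((i + 1))
    done
    return 1
}

# Sanity-check the image before betting the router on it: it must exist,
# be non-empty, and not be an HTML download-error page saved by mistake.
check_image() {
    [ -s "$1" ] || return 1
    head -c 5 "$1" | grep -qi '<html' && return 1
    return 0
}

main() {
    img="$1"
    check_image "$img" || { echo "bad firmware image: $img" >&2; exit 2; }
    echo "Power up the router now; waiting for $ROUTER to answer ping..."
    wait_for_ping "$ROUTER" 600 || { echo "router never answered" >&2; exit 3; }
    # The boot-loader window lasts only seconds: fire immediately.
    tftp_script "$img" | tftp "$ROUTER"
}

if [ -n "${1:-}" ]; then main "$1"; fi
```

Run it as `sh rescue.sh original-linksys-firmware.bin` before powering the router on; it refuses an empty or HTML-looking file, which is a common cause of a second bad flash.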

Why do I need the ping? You need it to know when failsafe mode is on. And you need it to trigger the transfer on TFTP. Another question will probably be what firmware to flash. Our suggestion is that during the rescue, you should use the original Linksys firmware. After you have successfully saved your router, you can flash it with anything else you like. However, do remember to set BOOTWAIT=ON this time if you had not done so previously.

I hope this article will help somebody recover his router. Over here in Singapore, this router is easily available and cheap, but it's still an expensive brick if you can't save it from a bad flash.
If you have any comments, feel free to reach us by email.
