Joined: 16 Apr 2016 Posts: 307 Location: California
Posted: Mon Feb 20, 2017 5:56 Post subject: Netgears...
Older Netgears go into tftp recovery mode like this...
1) Unplug the Router...
2) Hold in the reset button. (Keep Holding)
3) Plug in the router.
4) within 30 to 45 seconds on older models... You will see the Power light start blinking
5) Release the reset button
The router is now in maintenance mode. (TFTP Mode)
Now... You also have a secondary problem...
The "Reset Button Stuck" problem is not the button nor anything with it.
This is a CPU problem or Resistor Problem. It is in a different location on every netgear. Most of the time is is CPU damage.
Netgear 3300's are old. Get a newer model to play with like 3800 for cheap. The 3800's and 4300's are fun _________________ My Karma ran over your Dogma
SploitWorks Custom Flashed Routers
Either made some progress or found that the soc is indeed beyond repair.
Desoldered the mx25l1606e flash and dumped it using a raspberry pi and flashrom (tried doing it in-situ, using the router to supply power but it was a no-go).
I'm not sure if this is the proper way to modify the cfe, but I found two instances of reset_gpio=6 (assuming this is nvram and backup?). One was at the end, so I simply zero'ed it out. The other was in the middle, so I deleted it, shifting everything forward, and then added it to the end of the section, again zeroing it out, so as not to change the size of the file.
Flashed it and resoldered it back on.
Now, it seems to get past the reset button release, but is getting stuck in a loop:
Code:
Decompressing...done
CFE for R6300 version: v1.0.2
Build Date: Wed Apr 25 16:29:10 CST 2012
Init Arena
Init Devs.
Boot partition size = 262144(0x40000)
Found an ST compatible serial flash with 32 64KB blocks; total size 2MB
Found a Samsung NAND flash with 2048B pages or 128KB blocks; total size 128MB
et0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 5.100.138
CPU type 0x19749: 600MHz
Tot mem: 131072 KBytes
Device eth0: hwaddr 20-E5-2A-08-87-A2, ipaddr 192.168.1.1, mask 255.255.255.0
gateway not set, nameserver not set
load default!
Decompressing...done
CFE for R6300 version: v1.0.2
Build Date: Wed Apr 25 16:29:10 CST 2012
Init Arena
Init Devs.
Boot partition size = 262144(0x40000)
Found an ST compatible serial flash with 32 64KB blocks; total size 2MB
Found a Samsung NAND flash with 2048B pages or 128KB blocks; total size 128MB
et0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 5.100.138
CPU type 0x19749: 600MHz
Tot mem: 131072 KBytes
Committing NVRAM...done
Waiting for reset button release...donDecompressing...done
CFE for R6300 version: v1.0.2
Build Date: Wed Apr 25 16:29:10 CST 2012
Init Arena
Init Devs.
Boot partition size = 262144(0x40000)
Found an ST compatible serial flash with 32 64KB blocks; total size 2MB
Found a Samsung NAND flash with 2048B pages or 128KB blocks; total size 128MB
et0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 5.100.138
CPU type 0x19749: 600MHz
Tot mem: 131072 KBytes
Device eth0: hwaddr 20-E5-2A-08-87-A2, ipaddr 192.168.1.1, mask 255.255.255.0
gateway not set, nameserver not set
load default!
Decompressing...done
CFE for R6300 version: v1.0.2
Build Date: Wed Apr 25 16:29:10 CST 2012
Init Arena
Init Devs.
Boot partition size = 262144(0x40000)
Found an ST compatible serial flash with 32 64KB blocks; total size 2MB
Found a Samsung NAND flash with 2048B pages or 128KB blocks; total size 128MB
et0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 5.100.138
CPU type 0x19749: 600MHz
Tot mem: 131072 KBytes
Committing NVRAM...done
Waiting for reset button release...donDecompressing...done
CFE for R6300 version: v1.0.2
Build Date: Wed Apr 25 16:29:10 CST 2012
Init Arena
Init Devs.
Boot partition size = 262144(0x40000)
Found an ST compatible serial flash with 32 64KB blocks; total size 2MB
Found a Samsung NAND flash with 2048B pages or 128KB blocks; total size 128MB
et0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 5.100.138
CPU type 0x19749: 600MHz
Tot mem: 131072 KBytes
Device eth0: hwaddr 20-E5-2A-08-87-A2, ipaddr 192.168.1.1, mask 255.255.255.0
gateway not set, nameserver not set
Is this from improperly modifying the cfe?
I did notice there was also "gpio7=robo_reset" but left that alone. I assumed this was related to the wps or wifi on/off button, but could it be responsible as well?
Otherwise, it sounds like the soc is toast.
Really hoping it came down to a bad cfe mod. Any input?
Thanks. Again, this is for the r6300 (sorry to threadjack/necro)
edit: as well, I am still unable to interrupt the boot via ctrl+c.
Joined: 16 Apr 2016 Posts: 307 Location: California
Posted: Tue Feb 21, 2017 7:13 Post subject: ehhhh
Try using CTRL-C-ENTER in that order rapidly.
On alot of netgears I have found CTRL-C is not good enough it wants the ENTER after it like pressing CTRL-ALT-DEL in windows. _________________ My Karma ran over your Dogma
SploitWorks Custom Flashed Routers
