Joined: 11 Sep 2007 Posts: 135 Location: 64.233.167.99 :-) not really! Santa Fe, Argentina
Posted: Sat Sep 15, 2007 19:08 Post subject: JTag debricking guide for WRT54G
Hello nice people who have WRT54G's and DD-WRT!
I made this JTag Cable Debricking Guide because I bricked my router this week uploading DD-WRT v24 RC2 and spent several hours reading this forum and asking RedHawk (thanks buddy!) until I figured out how to unbrick it!
First of all let me be clear:
1- I'm sort of a beginner on flashing things! So I think anyone can do it!
2- I'm from Argentina so my English is not the best you'll find!
3- I followed the steps I'm about to write with my WRT54G v1.00 and the symptoms I had were that only power and DMZ leds turned on in the front panel of the router and didn't blink at all!
4- I didn't invent the things I'll say... all was taken from other tutorials or from RedHawk instructions so be thankful to the intelligent people we have in DD-WRT development!
5- As every tutorial says: I'm not responsible for the damage done to your router by your incompetence etc, etc, etc!
For those who are idiots (like me) experimenting with their router for their first or second time and brick it follow this awesome guide first:
I recommend to read it very carefully, the first few points r essential, if u get ping responses from the router u r probably saved without much trouble...
Don't forget to try slowing your Ethernet card to 10mbits half duplex to see if that works for the pings... I got responses doing that with DD-WRT v23 SP2.
If u get to topic "Recovery by JTAG cable" with no luck (like me!), that’s where I can help you (hope so)! Making a JTag cable is easy and it’s safer than the other 2 methods listed in that tutorial...
Before beginning, to do this u'll need to know how to solder or at least know someone that can do it 4 u!
2- Download HairyDairyMaid Debrick utility from
http://www.dd-wrt.com/dd-wrtv2/down.php?path=downloads%2Fothers%2Fjtag%20tools%2F&download=HairyDairyMaid_WRT54G_Debrick_Utility_v48.zip
and follow the instructions on how to make the JTag cable from the pdf that is inside (HairyDairyMaid_WRT54G_v2_DeBrick_Guide.pdf) or look at
http://wiki.openwrt.org/OpenWrtDocs/Customizing/Hardware/JTAG_Cable
in that page u have 2 alternatives of cables... both work but the "Unbuffered Cable, Xilinx DLC5 Cable III" is easier to make and probably free!
I did the unbuffered cable with an old serial port (DB25) from a 486 I had trashed in my garage! and for the other side of the cable I cut an IDE cable, but it’s best if u can get a Midi port (the ones used for joysticks!) because it’s smaller and has only 14 pins so u don’t need to cut anything… The 100 ohms resistors cost less than $0.50c.
3- Solder the 12 pins needed in your router's motherboard where it says JP2; the HairyDairyMaid_WRT54G_v2_DeBrick_Guide.pdf shows you how it needs to be and where it is. It is right next to the leds...
I got the pins from the 486 motherboard! But any motherboard has those pins...
4- Once the cable and the router are soldered and ready, unplug every cable from the router and then plug only the JTag cable to the parallel port on the PC and the other side to the router. THE ROUTER MUST BE POWERED OFF in this step.
5- This is the step I have problems with and it’s the easiest one!:
- First unzip HairyDairyMaid Debrick utility
- Copy giveio.sys to C:\Windows\system32\drivers
- Start LoadDrv.exe that comes with hairydairy.
- In "Full pathname of driver" write: C:\WINDOWS\system32\drivers\giveio.sys and press Install and Start buttons.
If everything is right the status should say: "Operation was successful"
If not check the path. I think it is case sensitive because I wrote c:\windows\system32\... and it didn’t work!
6- Once the driver is working ("Operation was successful") read "The Software" section in the pdf from HairyDairyMaid to get some ideas on how it works!
7- Now open a DOS window by clicking on Start, Run, type CMD and then Enter. And go to HairyDairyMaid directory.
8- Now... I'll explain how this app works... first write the command u'd like to use and then plug the router's power cable and quickly hit Enter key on the computer... it's easy! So first do a backup of everything.
For that the commands would be:
wrt54g -backup:cfe
wrt54g -backup:nvram
wrt54g -backup:kernel
wrt54g -backup:wholeflash
type one command at a time obviously and wait for the backup to finish! The kernel and wholeflash commands take about 15 minutes each...
If you see no progress, and by that I mean that no percentage number is increasing or it freezes at Clearing Watchdog then something is wrong...
What happened to me was that my processor number was old or something and had problems with HairyDairyMaid new processor compatibility... I really didn't understand but with the command:
wrt54g -backup:cfe /noreset /nobreak
it worked wonderfully! (That would be applied on version 1.00 of WRT54G)
RedHawk told me that he used /nocwd /noewm /noreset parameters for his router otherwise it freezes at clearing watchdog timer too.
Also he told me that another way around this... at least it worked for him in the past... if it freezes... unplug the unit and plug it back in with the wrt54g.exe command line still running.
9- If you see that the backup is running: congratulations! You probably did it in less time than me!
Now what I recommend you is to erase ONLY the nvram... so DD-WRT firmware rebuilds it next time the router powers on.
For doing this just type:
wrt54g -erase:nvram
then disconnect the router, disconnect the JTag cable, start pinging the router to 192.168.1.1 and connect the router power again with the network cable to the computer (without JTag)... and cross your fingers!
In my case the pings replied and I entered the web interface and downgraded to an old beta of v24 I was using, but if the web interface doesn’t work start re-reading the first steps of the first guide! the ones that tell you what to do when pings work! Because u can probably revive it with tftp or something.
Another thing… in my case, after erasing the nvram, with the v24 RC2 firmware, if I unplugged and plugged the router for the second time it bricked again… so if the web interface doesn’t work and u need to tftp while boot wait, then u’ll need to erase nvram each time the router is powered off…
OK, that’s all in what I can help! I hope I have been helpful to someone and have not wasted my time building this guide!
Good luck with your flashings...
what if you got an error while trying to use a jtag. Basically i bought a premade one from ebay, soldered it in, typed in the commands (had to use my neighbors computer as none of my computers have a parallel port) and basically didn't work. If I remember right it couldn't find it..
Joined: 11 Sep 2007 Posts: 135 Location: 64.233.167.99 :-) not really! Santa Fe, Argentina
Posted: Sat Sep 15, 2007 21:04 Post subject:
Tortri wrote:
what if you got an error while trying to use a jtag. Basically i bought a premade one from ebay, soldered it in, typed in the commands (had to use my neighbors computer as none of my computers have a parallel port) and basically didn't work. If I remember right it couldn't find it..
Can u copy and paste the error u r getting here?
Did you load the driver with loaddrv.exe before using wrt54g.exe?
Joined: 04 Jan 2007 Posts: 11564 Location: Wherever the wind blows- North America
Posted: Sat Feb 07, 2009 19:45 Post subject:
moreins wrote:
thanks for all the info posted here...
quick question...
what about using
Code:
/nocwd /noewm /noreset
when issuing
Code:
tjtag -flash:cfe
?? is this necessary??
thanks
Yeah...that was a typo..../noemw not /noewm (I got these fat fingers...doncha know)
Anyway....you can use /nocwd and /noemw with 5352 processor and older units...but I have found that they are not necessary with 5354 processor based...use just /noreset (and /bypass...if your flash chip supports it)
And....I never used /noreset with older units either.
redhawk _________________ The only stupid question....is the unasked one.
Joined: 04 Jan 2007 Posts: 11564 Location: Wherever the wind blows- North America
Posted: Sat Feb 07, 2009 20:07 Post subject:
moreins wrote:
thanks for the reply!
i wasnt sure about those commands so i just issued tjtagv2 -flash:cfe on a 5354 is that bad???
i havent got any problems but it is taking more time that i expected...
its been almost 15 minutes, and its still on 0% ¿?
No...it won't hurt anything...but if this is a V8...then that is where the problem is. V8 units are horrible little boxes. They are the most troublesome JTAG boxes that I've ever come across. I have a bricked one right now that I know is good...but I've been working over 26 hours (5 days) to reflash a cfe to.
I've flashed it before successfully, but it is a real pain to get it to take.
I can get it to complete a cfe flash...only to find out the data is corrupt...I can take any of my other units and it flashes first time out of the gate.
Anyway...the V8 should flash in about 600 seconds...give or take for a 256K CFE. If it doesn't scroll a full percentage every 5-10 seconds...then there is something wrong.
I always use
tjtag -erase:wholeflash /noreset (twice)
then
tjtag -flash:cfe /noreset /bypass
my K8D1716UBC supports /bypass
if you have a 128K compressed cfe then the command line is
tjtag -flash:cfe128 /noreset /bypass
hope it helps...but these V8's are the worst little boxes that Linky ever produced.
redhawk _________________ The only stupid question....is the unasked one.
Joined: 18 Nov 2006 Posts: 320 Location: Cali, Colombia
Posted: Sat Feb 07, 2009 20:14 Post subject:
yes...i have a wrt54g v8...i got it from a friend and thought i could flash it...
i got the CFE from tornado's downloads...it is a 196KB .BIN file
i havent got any errors so far but its taking too damn long to advance in %.
it takes around 1 minute to complete the 4 groups each line has but its been almost half hour and im still on 3%...i do know its working since new lines appear every while...
what do you recommend me to do? how do i stop the flash procedure and start all over again??
how do i know if my processor supports bypass?
thanks _________________ WRT54GS v2.1 > v24-sp2 (01/01/09) mega
WRT54GS v5 > v24-sp2 (01/01/09) micro
PPTP, WDS link and SD Mod
Joined: 04 Jan 2007 Posts: 11564 Location: Wherever the wind blows- North America
Posted: Sat Feb 07, 2009 20:27 Post subject:
moreins wrote:
yes...i have a wrt54g v8...i got it from a friend and thought i could flash it...
i got the CFE from tornado's downloads...it is a 196KB .BIN file
i havent got any errors so far but its taking too damn long to advance in %.
it takes around 1 minute to complete the 4 groups each line has but its been almost half hour and im still on 3%...i do know its working since new lines appear every while...
what do you recommend me to do? how do i stop the flash procedure and start all over again??
how do i know if my processor supports bypass?
thanks
What flash chip is detected...look it up in the datasheet for your flash chip...it will say that there is an "unlock bypass" for the chip.
Personally, I would (and have) stop it if it is taking that long to flash 16 bytes....it should flash a full percent every 5-10 seconds....like I said...the cfe you got from Tornado (size is 192K...for a 256K CFE) should only take 10 minutes total.
It sounds like you are in the same boat that I am in.
Now...Tornado told me on Thursday that sometimes you can "kick start" these V8 units...by issuing a /nodma switch to the command line...do that a few times..then run the command normally without the /nodma switch.
I was unsuccessful with this tip..but maybe it will work for you.
Another thing to try...write all FF's to the CFE...then do a -backup:cfe and compare it...see if it really is writing all FF's to the cfe partition.
(you can do it with all 00's also)...I've attached both for you to use if you like.
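The write-then-read-back check suggested in the post above can be scripted. This is an added example, not part of the thread or of the wrt54g/tjtag tools: it compares the image that was written with the -backup:cfe readback and reports where, and in which bit positions, they differ. The byte strings are constructed; the function names are made up for this example.

```python
# Added example (not from the thread). Inputs are constructed byte strings; in
# practice read the image you flashed and the -backup:cfe file with open(path, "rb").

def mismatch_runs(expected: bytes, readback: bytes):
    """Return [(offset, length)] for each contiguous run of differing bytes."""
    runs, start = [], None
    n = min(len(expected), len(readback))  # compare the common prefix only
    for i in range(n):
        if expected[i] != readback[i]:
            if start is None:
                start = i
        elif start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, n - start))
    return runs


def bit_faults(expected: bytes, readback: bytes):
    """Return (read_high, read_low): OR-ed masks of the bits that came back wrong.

    read_high: expected 0, read 1 (on NOR flash: the program step did not take).
    read_low:  expected 1, read 0 (erase incomplete, or a data line reads low).
    """
    high = low = 0
    for e, r in zip(expected, readback):
        high |= ~e & r & 0xFF
        low |= e & ~r & 0xFF
    return high, low


def verify(expected: bytes, readback: bytes):
    """Summarise how a readback differs from the image that was written."""
    runs = mismatch_runs(expected, readback)
    high, low = bit_faults(expected, readback)
    return {"same_size": len(expected) == len(readback),
            "bad_bytes": sum(length for _, length in runs),
            "runs": runs, "read_high": high, "read_low": low}


if __name__ == "__main__":
    zeros = bytes(64)                      # constructed all-00 test image
    back = bytearray(zeros)
    back[16:20] = b"\x80\x80\x80\x80"      # constructed fault: bit 7 never programmed
    print(verify(zeros, bytes(back)))
    ones = b"\xff" * 64                    # constructed all-FF test image
    back = bytearray(ones)
    back[40] = 0xFE                        # constructed fault: bit 0 reads low
    print(verify(ones, bytes(back)))
```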
it was flying until it got to 37%...now...its as slow as the first time i did it...
ill leave it there...i need to go and run some errands..ill let you know what happens...
thanks! _________________ WRT54GS v2.1 > v24-sp2 (01/01/09) mega
WRT54GS v5 > v24-sp2 (01/01/09) micro
PPTP, WDS link and SD Mod
Last edited by moreins on Sun Feb 08, 2009 14:56; edited 1 time in total