Posted: Tue Dec 23, 2008 10:43 Post subject: Netgear WGR614v6 running dd-wrt.v24_micro successfully!
Finally I make it possible.
Netgear WGR614v6 is an old route and normally has only 1MB flash (e.g., MX29LV800BTC). The only way is to unsolder that 1MB flash, and replace it by a 2MB one (e.g.,S29AL016D90TF102). However, before soldering the new flash on, you should burn a CFE to it first using a 3rd-part programmer, because this PCB does not have JTAG pinout! (Only a serial console on it). I use this CFE (http://www.dd-wrt.com/dd-wrtv2/downloads/others/wrt54gv5%20flashing/CFE.bin), and after power on the router, you can then upload the micro version dd-wrt to it by Tftp.
(Please unsolder/solder the chip carefully, which makes me debug for so many days.)
So far it works well, but with one big problem. It looks that dd-wrt.v24_micro mis-configured the Lan-Port4 and Wan-Port. -- I have to use Lan-Port4 as uplink port to my modem.
I also wondering why dd-wrt.v24_micro does not support SSH; can the developers chop down some other packages but add-on SSH?
1.PNG
Description:
Status. dd-wrt detects Netgear WGR614v6 as Linksys WRT54G -- understandable because they have the same hardware configruation.
I have a WGR614 v6 and happily, it has a 2Mb flash!
What do you mean by compress the CFE?
I have tried the tftp flash technique but haven't made any progress. I followed this process:
Ping the router. As soon as the router responds to pings, send a TFTP connection.
Given I had no success, I tried running nmap (network port scanner) as soon as the router responds to pings. It appears ports 23 (telnet) 80 (http) and 8080 (web proxy) are open. TFTP is on port 69 and is closed.
There may be something wrong with the image I am trying to load as well given that I haven't knowingly compressed any CFE, but given the router doesn't appear to be opening TFTP port 69, I suppose I can't upload any firmware anyway!
If I try to telnet to port 23, I get:
Connected to 192.168.1.1...
Escape character is '^]'.
Connection closed by foreign host.
Connection closes immediately.
KeithB wrote:
Micro-plus is probably what you want. You must compress your CFE before you can successfully load it, though.
I may be making some progress on this. The router had a proprietary Virgin firmware. This may have prevented it from accepting a TFTP dump.
I found the machine would not accept a Generic Netgear firmware update. It appears the board ID for the Virgin version of the router is different from the non-virgin version. My tests indicate different Board ID codes prevent the router from accepting the generic firmware version.
Looking at the generic firmware using a hex editor, at offset 0x0F, I saw the boardid the generic version needs is U12H042T00_NETGEAR. I don't know the original boardid for the Virgin based router.
Which is basically
telnetenable.exe <ip_address_of_router> <Mac_address_of_WAN_PORT(without_colons)> Gearguy Geardog
Without resetting router, I telnetted in. I then typed
burnboardid U12H042T00_NETGEAR
I then logged in via the web control panel (virgin u/p is virgin/password) then programmed the generic firmware.
This is simply a statement of what I done to 'unlock' and re-program the Virgin router with the generic Netgear firmware. If you try this, then you do so at your own risk. The part number of my router is WGR614-6VGUKS and has 2Mb flash.
I will post back if I succeed in uploading DD-WRT via TFTP after uploading the generic firmware.
Using Nmap and a simple bash script loop, I can see the TFTP port 69 on UDP opens for a short while at boot like before, and I have tried tftp and atftp on Ubuntu. I have also tried the windows-based GUI based linksys tftp updater all as instructions on:
but I always get TFTP timeout or equivalent. It doesn't appear the router is responding to attempts to push firmware to it. I wonder if the Netgear .chk file is actually the raw binary firmware data, with a header to tell the web GUI whether the data is suitable for that router? In which case, an easier solution might be to slice the header off the .chk file and append it to the dd-wrt BIN file. Any suggestions?
Incidentally, atftp is giving me
sent WRQ <file: code.bin, mode: octet <timeout: 60>>
source port mismatch, check bypassedtimeout: retrying...
I have tried cutting the header from a .chk firmware file for a v8 WGR614, putting it on to a micro dd-wrt file. Update board ID to match a v8. No success.
So I will assume the tftp system on my router is, and always has been borked and there is no simple way to program this router with dd-wrt.
The virgin firmware is VxWorks and the factory BSP can not accept TFTP actually. I have tried all that you have tried and failed.
The problem is that this PCB does not have JTAG pinout!
So the only way is to unsolder the flash chip, erase whole and re-program a good CFE to it by a 3nd tool (or solder it to another PCB with JTAG pinout, and re-program CFE by JTAG); and then re-solder the chip to the original PCB.
Fascinating thread, and thank you nickhill for your experimentation with the Virgin WGR614, that's exactly the one I've been struggling to get running.
I guess the ultimate solution would be to bolt on the necessary code to the DD-WRT firmware to get it accepted once the router is running standard netgear software? Is that what you're aiming for by playing with the headers?
Micro-plus is probably what you want. You must compress your CFE before you can successfully load it, though.
Can you give me some more information on this? How do I compress the CFE? If I do, do I install it first and follow with the micro-plus? Where can I download the micro-plus? I've checked my mem chip and it is the 2MB model.
Micro-plus is probably what you want. You must compress your CFE before you can successfully load it, though.
Can you give me some more information on this? How do I compress the CFE? If I do, do I install it first and follow with the micro-plus? Where can I download the micro-plus? I've checked my mem chip and it is the 2MB model.
The virgin WGR614 is running VxWorks. Starting from VxWorks, I really don't know how to replace its BSP with a CFE. Sorry for that.
wow, my wgr614 v6 is pretty useless, i think i would like to take on this task but i have a few questions.
First. since I'm swapping the chip. can i use a 4 mb and use the standard firmware? also, since I'm already in there would upping the ram chip work? or even benefit for that matter?
second. what are the specifics for the chip so i can find it at newark com or mouser com. I'm not chip very chip savvy at the moment
third. the only thing I've ever programed was a 8 pin dip micro controller on a homemade serial programmer. what type of programmer do i need to look for. or make if possible. thanks