reverting the Buffalo WZR-HP-G300NH2 to factory firmware?

Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware
Goto page Previous  1, 2, 3, 4, 5, 6  Next
Author Message
Deepdish
DD-WRT Novice


Joined: 13 Nov 2011
Posts: 15

PostPosted: Sat Dec 10, 2011 4:50    Post subject: Reply with quote
cRACKmONKEY421 wrote:
Didn't quite work yet. When I TFTP mtd1.dump, it actually accepts the file and allows me to send the whole thing. But that's as far as it gets. Eventually the DIAG light turns off, and the router comes up with what was already on it--a newer, community version of dd-wrt. So although the TFTP server accepts the file, it appears to get rejected somewhere down the line.

Close, but no cigar.


Are you using 02:AA:BB:CC:DD:1A for the mac address?
Sponsor
cRACKmONKEY421
DD-WRT Novice


Joined: 19 Sep 2006
Posts: 46

PostPosted: Sat Dec 10, 2011 5:27    Post subject: Reply with quote
Deepdish wrote:
Are you using 02:AA:BB:CC:DD:1A for the mac address?


Yes

Also just tried flashing using the command line. At first it said bad trx header, then I stripped the first 32 bytes. Now it appears to accept the file, but nothing ever happens... just like when I TFTP with the header. It even seemed like a dumb idea at the time, but I figured it wouldn't hurt to try. In another lame attempt, I deleted all the bytes that were just F's at the end of mtd1.dump. Didn't help of course. I'm all out of lame ideas for tonight Razz
fyi2000
DD-WRT Guru


Joined: 04 Apr 2010
Posts: 642

PostPosted: Sat Dec 10, 2011 8:53    Post subject: Reply with quote
cRACKmONKEY421 wrote:
Code:
mtd1: 01f80000 00010000 "linux"

From stock firmware, execute,
Code:
cat /dev/mtd1 | md5sum

From the current firmware, upload "mtd1.dump" to /tmp and execute,
Code:
cat /proc/mtd
cat /tmp/mtd1.dump | md5sum

If the size of linux is also "01f80000" and the results of running md5sum are exactly the same, I think you can safely run,
Code:
mtd -r write /tmp/mtd1.dump linux

_________________
DD-WRT Forum - Atheros Recommended Build
cRACKmONKEY421
DD-WRT Novice


Joined: 19 Sep 2006
Posts: 46

PostPosted: Sat Dec 10, 2011 10:20    Post subject: Reply with quote
fyi2000 wrote:
If the size of linux is also "01f80000" and the results of running md5sum are exactly the same, I think you can safely run,
Code:
mtd -r write /tmp/mtd1.dump linux


That worked perfectly. Thank you! I wasn't checking anything and doing it straight from smbshare, which I found out was giving other errors. Worked fine copying to /tmp first from a USB drive.

Thanks again to both (LOM too) of you for your help.

TheLastBoyScout wrote:
If it works, please post the file....


I removed the other files and have attached the only one you need below. The directions are above, and I even pasted them into a readme in there. Good luck.

Still don't know why TFTP doesn't work directly with my dump (haha I said my dump), but at least we now have a round-about way of getting from TFTP back to stock firmware. I am up way too late.
cRACKmONKEY421
DD-WRT Novice


Joined: 19 Sep 2006
Posts: 46

PostPosted: Sat Dec 10, 2011 17:49    Post subject: Reply with quote
Can someone please point me in the direction of some DD-WRT header information? I would like to create the 28-byte header on this to make it use DD-WRT's webflash.
TheLastBoyScout
DD-WRT Novice


Joined: 25 Aug 2011
Posts: 21

PostPosted: Mon Dec 12, 2011 1:25    Post subject: Reply with quote
cRACKmONKEY421 wrote:


TheLastBoyScout wrote:
If it works, please post the file....


I removed the other files and have attached the only one you need below. The directions are above, and I even pasted them into a readme in there. Good luck.

Still don't know why TFTP doesn't work directly with my dump (haha I said my dump), but at least we now have a round-about way of getting from TFTP back to stock firmware. I am up way too late.


Awesome sauce.....

Thanks so much for your hard work....

My wife will be happy to be able to watch her NetFlix from the other side of the house again....

----------------------------------------------

If anyone somehow ended up bricking their NH2 and needs to recover back to DD-WRT in order to go back to stock, I used this with great success and no issues what-so-ever.

http://asupport.blogspot.com/2011/10/unbrick-wzr-hp-g300nh2-and-then-flash.html
fyi2000
DD-WRT Guru


Joined: 04 Apr 2010
Posts: 642

PostPosted: Mon Dec 12, 2011 5:13    Post subject: Reply with quote
Overriding mtd without checking /proc/mtd and md5sum could end up in disaster. You've been warned.
_________________
DD-WRT Forum - Atheros Recommended Build
cRACKmONKEY421
DD-WRT Novice


Joined: 19 Sep 2006
Posts: 46

PostPosted: Mon Dec 12, 2011 7:58    Post subject: Reply with quote
fyi2000 wrote:
Overriding mtd without checking /proc/mtd and md5sum could end up in disaster. You've been warned.


I put my md5sum results from my original firmware in the readme so one could use that to compare. That's a very good warning though--as that header I am seeking to build contains a checksum, and what I posted does no checks. So do the checks yourself! But here it is again from my original firmware:

Code:
root@DD-WRT:~# cat /dev/mtd1 | md5sum
137289314594a98cd9fb641cab5c2520  -
fyi2000
DD-WRT Guru


Joined: 04 Apr 2010
Posts: 642

PostPosted: Mon Dec 12, 2011 8:11    Post subject: Reply with quote
Hello LOM, they need your help.
_________________
DD-WRT Forum - Atheros Recommended Build
LOM
DD-WRT Guru


Joined: 28 Dec 2008
Posts: 7647

PostPosted: Mon Dec 12, 2011 9:04    Post subject: Reply with quote
fyi2000 wrote:
Hello LOM, they need your help.



Buffalo apparently don't want plain version of their software available in public and therefore I have not decrypted any and added headers even though I can do it, see my first post in my revert file thread.

I'll do a revert file (header add to the already uploaded plain file) for this router if Brainslayer gives his ok for it.

_________________
Kernel panic: Aiee, killing interrupt handler!
cRACKmONKEY421
DD-WRT Novice


Joined: 19 Sep 2006
Posts: 46

PostPosted: Mon Dec 12, 2011 9:41    Post subject: Reply with quote
Thanks. You have a point; they may not want it done. Buffalo probably doesn't encrypt firmwares just for fun. At the same time though, I can't think of a reason why they do it because anyone who could do anything useful with a decrypted firmware could easily get the decrypted firmware from the device itself or by other means. I guess it's easy enough for people to dump it themselves as long as they do it before they flash to non-buffalo firmware. Let me know if it needs to be removed or feel free to remove it.
TheLastBoyScout
DD-WRT Novice


Joined: 25 Aug 2011
Posts: 21

PostPosted: Tue Dec 13, 2011 16:53    Post subject: Reply with quote
Alright, Ive done this twice now with success.

I had a co-worker who also had one of the WZR-HP-G300NH2 routers that had dd-wrt on it, only he, like a bone head tried to put the 17798 firmware for the WZR-HP-G300NH on it bricked it.

I recovered it as well, got it back to DD-WRT and then checked the md5sums and all checked out.

After the router rebooted, i did a 30/30/30 reboot on it and it came up with the Buffalo firmware on it.

He wanted to make sure it worked fully, so he let it detect any firmware updates and it saw the Buffalo Firmware version 1.80. It upgraded successfully and after a reboot was back to the "user-friendly" interface.

At that point, using the correct 17798 firmware for the NH2, he downgraded it with no issues.

Thanks again for everyone who helped with this.
cRACKmONKEY421
DD-WRT Novice


Joined: 19 Sep 2006
Posts: 46

PostPosted: Wed Dec 14, 2011 7:37    Post subject: Reply with quote
TheLastBoyScout wrote:
Alright, Ive done this twice now with success.


Glad to have helped. I hope we can keep it and improve on it.

I wonder what Buffalo tells people who tried to flash the version 1 firmware on a version 2. Maybe just re-buy?
TheLastBoyScout
DD-WRT Novice


Joined: 25 Aug 2011
Posts: 21

PostPosted: Wed Dec 14, 2011 13:28    Post subject: Reply with quote
well, this was back a ways.... but when i first got the NH2, it was listed as an NH from the website i bought it.

I decided that I was going to update the firmware, but upon trying to download the firmware for the NH2 version of the router (http://www.buffalo-technology.com/products/wireless/wireless-n-nfiniti/wzr-hp-g300nh2-airstation-nfiniti-wireless-n-high-power-router/**click available download link), it asks you for a serial number.

Upon entering my serial number, it would not take it.

I contacted Buffalo, and was told that I indeed have an NH model, not an NH2, despite the sticker saying otherwise. I go and download the latest firmware for the NH and boom! Bricked router.

I contacted Buffalo back and was told that I was SOL as that is an NH2 and I violated the warranty by using the wrong firmware, and that unless i wanted to pay for them to unbrick it, I was on my own. They claimed they never said it was an NH version.

After messing around with several different things, I finally found out about TFTPing and managed to do something similar as I did with my friends router and got DD-WRT back on it. Ive been using DD-WRT ever since.

I would like to think that with the issues of the NH and NH2 debacle, they would have been more understanding. I hope that i was just unfortunate in who originally assisted me and who assisted me the second time. However, after viewing some of the admin/moderator posts in their Forums, i would be willing to bet most of those folks are not all that bright.

Either way, this allows me to not worry about RMA'ing a router, and I am happy with that.
mazecreator
DD-WRT Novice


Joined: 09 May 2009
Posts: 48

PostPosted: Wed Dec 14, 2011 16:00    Post subject: Got back from OpenWRT Reply with quote
Hi all,

I made a BIN file I could TFTP into the Rev 2 unit after having OpenWRT on the router. I was having the same problem, tftp would send the firmware and then reboot but still have the OpenWRT firmware on the unit.

I looked at all the files that worked and didn't work and used a hex editor to replace the header of 18000 and tried the TFTP and here is what I have loaded now on the Version 2:
Router Model: Buffalo WZR-HP-G300NH2
Firmware Version:
DD-WRT v24-sp2 (12/12/11) std - build 18000

This might only flash after loading the OpenWRT file, so I will include both.

I cannot upload them onto the BBS because of the size. Is there another place I can put them?
Goto page Previous  1, 2, 3, 4, 5, 6  Next Display posts from previous:    Page 4 of 6
Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum