Posted: Sat Dec 31, 2011 2:36 Post subject: Netgear WNDR4500 info with INTERNAL PICS + CFE DUMP
Ok finally got time to get information on the WNDR4500
The unit is held together with 6 S10 HEX screws to a plastic mount face.
The router has 2 seperate radios for each band with built in signal amplifier technology. They are Broadcom BCM4331. I have taken pictures of all aspects of this device and will post them later..
The CPU and main interface board has direct surface heat sinks, this baby is well protected against heat. It uses rayspan antenna's for 2.4 and 5.8ghz band.
The powersupply is 12Volts at 5amps... Holy cow!!! This explains how the router can handle the amplifier circuits on board.. Netgear even boasts on the front of the box about it having hi-power amplifiers built in.
This router has a 16M Flash rom with 128M of onboard memory. CPU is impressive 600mhz
The pictures will explain it in much better detail, this is really terrific for a netgear router.
However if we need the CFE dumped I will have to mount opt with static dd binary compiled as stock firmware does not come with dd...
-Fractal
Eko wrote:
I usually dump the mtd parts to /tmp folder as jpg, like
cat /dev/mtd/0 > /tmp/cfe.jpg
then kill httpd and start it on /tmp, like
httpd -h /tmp or httpd -d /tmp
then simply point your browser to
192.168.1.1/cfe.jpg and save it as cfe.bin
same for other mtd parts
Worked more or less on every router so far.
Eko wrote:
barryware wrote:
Eko wrote:
no... from running firmware
how would those commands be issued to stock, running firmware?
You need serial console, then when the router is up, press "Enter" few times, usually you get into Busybox, then you have all the commands.
If you press "tab" few times, you'll get list of all commands then.
Barry, you my friend are the man!, I didnt think about dumping that cfe that way, I was going to put dd on... looks like cfe getting dumped a little earlier..
I am definatly excited to see dd-wrt on this router.
Joined: 26 Jan 2008 Posts: 13049 Location: Behind The Reset Button
Posted: Mon Jan 02, 2012 16:58 Post subject:
I couldn't get it to work on the 3200 because the cfe was buried very deep in the file structure.
I dumped the cfe to a usb stick. Stock firmware mounted the usb stick.. Then I just used the cat/dev command to send the cfe partition to the usb stick.
Up until the 3200, I always used the cfe's save command to grab the wholeflash, then take the wholeflash apart but linksys stripped out the command from the cfe. You need a tftp server running to do it that way.
I couldn't get it to work on the 3200 because the cfe was buried very deep in the file structure.
I dumped the cfe to a usb stick. Stock firmware mounted the usb stick.. Then I just used the cat/dev command to send the cfe partition to the usb stick.
Up until the 3200, I always used the cfe's save command to grab the wholeflash, then take the wholeflash apart but linksys stripped out the command from the cfe. You need a tftp server running to do it that way.
Device eth0: hwaddr 00-21-29-C3-34-B9, ipaddr 192.168.254.140, mask 255.255.255.0
gateway 192.168.254.100, nameserver not set
*** command status = 0
CFE> save 192.168.254.100:wholeflash.bin bc000000 400000
4194304 bytes written to 192.168.254.100:wholeflash.bin
*** command status = 0
CFE>
Your method worked like a charm, however httpd wouldnt start on /tmp so I did the same thing and installed a tftp server on my desktop and moved the nvram and cfe to it... I created a ticket incase the devs are not checking this thread
A CFE dump can be used for getting default nvram variables like board version and board nummber, this is helpful for Eko when asking him to support a router which has minor difference from an already supported router.
The WNDR4500 is not something that can be supported with the help of a cfe/nvram var dump, WNDR4500 needs lots of new platform support files because of the cpu and because it is the first router with 2 flash chips whereof one is a nand flash.
Eko is working on it on the donated 4500 and has extracted all the mtd partitions including the cfe so he is not helped by a cfe dump. _________________ Kernel panic: Aiee, killing interrupt handler!
A CFE dump can be used for getting default nvram variables like board version and board nummber, this is helpful for Eko when asking him to support a router which has minor difference from an already supported router.
The WNDR4500 is not something that can be supported with the help of a cfe/nvram var dump, WNDR4500 needs lots of new platform support files because of the cpu and because it is the first router with 2 flash chips whereof one is a nand flash.
Eko is working on it on the donated 4500 and has extracted all the mtd partitions including the cfe so he is not helped by a cfe dump.
Bummer, thanks for the quick reply, I will remove the ticket... the good news is this router is allready running 2.6 kernel so the filesystem objects are there..
A CFE dump can be used for getting default nvram variables like board version and board nummber, this is helpful for Eko when asking him to support a router which has minor difference from an already supported router.
The WNDR4500 is not something that can be supported with the help of a cfe/nvram var dump, WNDR4500 needs lots of new platform support files because of the cpu and because it is the first router with 2 flash chips whereof one is a nand flash.
Eko is working on it on the donated 4500 and has extracted all the mtd partitions including the cfe so he is not helped by a cfe dump.
What can help besides Eko having more free time to develope? I'd love to see this router supported.
Pinouts from my beta Unit. Seems I don't have the power amps on the wireless (explains my reduced range compared to retail users) and less shielding as well as soldered in ports:
RED = Serial port
GREEN = most likely JTAG for core CPU
BLUE = most likely JTAG for the two BCM4331 radios
NOTE: JTAG is a guess from the 10-pin layout and PCB traces.
Joined: 06 Mar 2009 Posts: 107 Location: MinneSOTA!
Posted: Tue Jun 04, 2013 0:43 Post subject:
Any ideas on how to use that JTAG port? I have a 100% bricked WNDR4500v1 in front of me. When given power, all the LAN lights are dim. No flashing, ping, or activity of any kind, not even through UART. Seems I somehow wiped the CFE... _________________ My Hardware:
1x WNDR3300 - 14853 NEWD C/AP Mini-HotSpot-Kaid
1x WRT54G2 - 13577 NEWD RB Micro
1x WRT310N - TomatoUSB Dev Test Build 9-22-10
1x RT-N16 - TomatoUSB SVN Build 9-13-10
