Posted: Mon Apr 29, 2013 9:45 Post subject: Flashing WNDR4300 SureWest with dd-wrt
Hi!
I have a NetGear WNDR4300. The firmware displays it as WNDR4300SW. I've tried flashing dd-wrt and NetGear firmware using the web interface. It always fails. I assume because the image header is incorrect.
Is there any way I can flash the SW firmware with dd-wrt? Should using TFTP work?
So far all my attempts have failed. I have not been able to locate a copy of the SW image to try it. It's currently using:
Tftp will not work, it does also check the software id.
You'll either need to provide Brainslayer with a firmware update file or retrieve the id string from the router. Google Netgear telnet backdoor and see if you can get into the router that way.
I can tell you how to dump the software id string once you have shell access in telnet.
I'm able to get a response using Telnet. It comes back saying OpenWrt and I have root access:
root@WNDR4300SW/#
What's the next step?
I'm guessing that the Software ID code from the current firmware needs to be inserted into the new firmware to fool the software check. Something like that.
I know this is an old ass post but I am also looking for assistance with the same router from my ISP Surewest. I would love to turn the router into an actual useful router but of course I can't load any firmware on it. I have obtained telnet access and as simcode said it is showing that it has OpenWRT. Can someone help me with getting DD-WRT on this thing because I am 99.99% sure its a WNDR4300 with my ISP's custom firmware.
Show me a dmesg output directly after booting the router, I need only to see the early part where mtd partition sizes and names are displayed. _________________ Kernel panic: Aiee, killing interrupt handler!
and look for something similar to U12H181T00_NETGEAR (just as example, that board-id is for WNDR4000) _________________ Kernel panic: Aiee, killing interrupt handler!
My error - the firmware header containing the board-id is of course stripped off before storing the firmware in flash.
The info should be there in either the caldata or the config partition, ie mtd2 or mtd5. _________________ Kernel panic: Aiee, killing interrupt handler!
Bump. You can't flash to a stock firmware since the SW firmware checks for it.
I found some info regarding an older SureWest router that had the same issue. They replaced the header information and deleted one byte and were able to flash to any firmware (openWRT in this case)
The firmware that's linked in that thread doesn't work on the 4300. Is someone here able to replicate their efforts? I do not possess the technical skill to do it myself.
Quote:
1. Grab the firmware image you want to flash to.
2. Replace the 128 byte header with one from the existing firmware using a hex editor.
3. Delete the last byte of the modified firmware.
4. Use the appendsum script below (from the firmware source package) to append a new checksum byte: appendsum <firmware-mod-no-crc.img> <firmware-mod.img>
Bump. You can't flash to a stock firmware since the SW firmware checks for it.
I found some info regarding an older SureWest router that had the same issue. They replaced the header information and deleted one byte and were able to flash to any firmware (openWRT in this case)
The firmware that's linked in that thread doesn't work on the 4300. Is someone here able to replicate their efforts? I do not possess the technical skill to do it myself.
Quote:
1. Grab the firmware image you want to flash to.
2. Replace the 128 byte header with one from the existing firmware using a hex editor.
3. Delete the last byte of the modified firmware.
4. Use the appendsum script below (from the firmware source package) to append a new checksum byte: appendsum <firmware-mod-no-crc.img> <firmware-mod.img>
Bump. Anyone have the technical skills to do the above steps?
Downloaded the source from here: ftp://downloads.netgear.com/files/GPL/ then compiled it, copied the header over to the default.img from dd-wrt, appendsum the chkbit and it flashed fine.
The WAN took a few reboots to work, but that could have been my hardware. Posting from it now and speedtest comes in an a solid 30Mpbs (my cap).
If you feel the need to buy me a beer, http://jonshipman.com/ (my paypal is email on the top right)