Posted: Sun Mar 11, 2012 11:05 Post subject: How to change country (regulation domain) in E3000
The router locked by firmware to channels, allowed in country where it was originally sold. The regulation (region code) is stored in NVRAM. Country code is located in CFE at offset 0x3FE2C, 2.4GHz code is at offset 0x3FE24, and 5GHz at offset 0x3FE28. I discovered few codes: EU, US. Empty fields (0xFF) works as US. Here are simple steps for changing region code in NVRAM.
1. Flash Linksys E3000 with DD-WRT as described http://www.dd-wrt.com/wiki/index.php/Linksys_E3000#Flashing_instructions_for_the_E3000 steps 1 - 10.
2. Enable telnet access and login to router:
telnet <router IP>,
password: <admin pass>
3. Read your original boot and NVRAM http://www.dd-wrt.com/wiki/index.php/CFE_backup
dd if=/dev/mtd/0 of=/tmp/cfe_backup.bin
4. Read first part of CFE (upto region codes)
dd if=/dev/mtd/0 of=/tmp/cfe_1.bin bs=1 count=261668
5. Fill desired country codes in HEX format. EU = 0x45, 0x55.
echo -e "\x45\x55\xff\xff\x45\x55\xff\xff\x45\x55\xff\xff" -n >/tmp/cfe_2.bin
6. Copy thrird part of CFE:
tail -c 464 /tmp/cfe_backup.bin >/tmp/cfe_3.bin
7. Create new CFE file with updated region:
cat /tmp/cfe_1.bin /tmp/cfe_2.bin /tmp/cfe_3.bin >/tmp/cfe_new.bin
8. Check that new file has correct size:
ls -l /tmp
9. Check that only region was changed in new file:
cmp -b /tmp/cfe_backup.bin /tmp/cfe_new.bin
10. Write new file to flash:
mtd unlock cfe
mtd write -f /tmp/cfe_new.bin cfe
11. Restore stock firmware as described here:
It is good that you said check file size, because following your instructions (through copying/pasting the information) the cfe_new.bin file resulted 4 bytes longer than it should.
I did apply this trick and I can confirm that it works, but I used HxD from Total Commander Ultima Prime instead of command line instructions. After I have edited the file with EUÿÿEUÿÿEU instead of Q2/3Q2/3US (ÿ is FF in hexadecimal), I did a binary content comparison and this was the one and only difference between the two files.
Another difference is that I did not flash back to stock firmware, I remained using DD-WRT firmware. I guess that this new cfe makes for me no real difference, but in any case my two WRT610N-EU routers, which had become E3000 (US region) through flashing the advised cfe and the custom firmware for conversion, are now E3000 (EU region). _________________ Asus RT-N16 running Merlin (latest), formerly used Kong 22000++ kingkong-nv32k-broadcom with OTRW2
E4200 V1 running Kong 22000++ kingkong-nv60k-broadcom with OTRW2
2 times Linksys WRT610N V2 converted to E3000 running Kong 22000++ usb-ftp-samba3-dlna-nv60k-broadcom with OTRW2 (bridged with LAN cable)