Posted: Tue Mar 28, 2017 16:38 Post subject: Buffalo WHR-300HP2 interior pictures and serial debricking
I was in a hurry and bricked this. I upgraded dd-wrt over wifi (yeah, I know) and blew it up. The firmware image I used was downloaded over a very iffy internet connection as well, and I didn't checksum it. Lots of "my bad" involved here.
Anyway, I would like advice on what interfaces I might be able to use on this. I see what looks like a spot for a USB header on a board sometimes equipped for NAS, but this could also be the serial header port.
In other news, this is a very tough egg to crack! Getting it open so that it doesn't look opened is absolutely impossible. It is easier if you remove the kingpin screw first. Hopefully everyone will find the pictures interesting, and maybe someone will have advice on how to make this usable again.
EDIT: Attached pictures inside ZIP file to avoid hi-res hogging the display. You must be logged in to see them.
Last edited by SilverPuppy on Tue Apr 18, 2017 2:53; edited 4 times in total
Posted: Tue Mar 28, 2017 16:58 Post subject: My theories based on similarities to other Buffalo boards
Comparing this board to the venerable WHR-HP-G54, I am thinking that the J1 is serial (without VCC?), and the J2 might be JTAG, but I'm less convinced of that one.
If anyone has additional expertise on the subject, and perhaps boards more similar with which to compare this, I would feel grateful for the enlightenment.
EDIT: I should also say that something is definitely still working. The power light comes on, and the LAN ports cycle connected/disconnected when hooked to a NIC. It seems to be rebooting endlessly, but the boot loader I'm guessing is OK, so I hope I can use serial to debrick this. If this sounds like a reasonable hope, please advise me so.
Posted: Tue Mar 28, 2017 20:57 Post subject: Re: My theories based on similarities to other Buffalo board
SilverPuppy wrote:
Comparing this board to the venerable WHR-HP-G54, I am thinking that the J1 is serial (without VCC?), and the J2 might be JTAG, but I'm less convinced of that one.
If anyone has additional expertise on the subject, and perhaps boards more similar with which to compare this, I would feel grateful for the enlightenment.
EDIT: I should also say that something is definitely still working. The power light comes on, and the LAN ports cycle connected/disconnected when hooked to a NIC. It seems to be rebooting endlessly, but the boot loader I'm guessing is OK, so I hope I can use serial to debrick this. If this sounds like a reasonable hope, please advise me so.
Please make the pictures much smaller I'm also moving this to the appropriate forum as it is not a Marvell router. _________________ I am far from a guru, I'm barely a novice.
Posted: Tue Mar 28, 2017 20:59 Post subject: I'm confused
MediaTek is Ralink? Huh. Never guessed it.
How would I resize the pictures without losing the detail? I'd love to shrink the display size, but the details are hazy enough without dropping the resolution. They're attached, not inline.
I had pretty much convinced myself of that, but it's nice to get confirmation on that from someone else. I did a JTAG recovery one time, but never serial, so this will be a new adventure.
You stripped my pictures off....aren't clunky too-big ones more interesting than none?
EDIT: re-attached them in a ZIP file. What is your suggested procedure?
Well jtag doesn't support it. You may be able to using serial recovery.
I've only ever done it on Broadcom and atheros routers. So I can't help with that.
Posted: Tue Apr 18, 2017 2:48 Post subject: Final thoughts
I successfully debricked it using the serial console. 57600, 8-N-1, flow control off. The bootloader was fine, and once I figured out how to give the firmware to the bootloader in the correct format, all was well. Preparing the file involved stripping the header off the file with a hex editor by finding 27 05 19 56 and deleting everything before it. Select option 2, use tftpd at the correct address with the correct filename, and it will download and flash the firmware of your choice and boot into it. Problem solved.
It has been speculated that the only difference between the WHR-300HP2 and WHR-300HP2D is the factory firmware. My vote is that this is true. I can now confirm that flashing the Buffalo official firmware for the WHR-300HP2D onto the WHR-300HP2 is possible and works just fine because I did it. I'll grant that opening the box and using serial console to force a TFTP download of the WHR-300HP2D DD-WRT is not for everyone, but I plan to do this again.
Can you give some more detail on how you did this? I tried an upgrade on a wrt-300hp2d device from the stock (released in 2013) to a newer brainslayer FW and despite the gui saying it applied OK, it seems to be behaving the same as you described: solid power LED, nothing on the others. If I connect a network cable to it the interface comes up and every few seconds. Tried 30/30/30 , holding for 5 seconds, etc. Did all the static arp entry suggestions and through an unmanaged switch to keep the connection up on the laptop, etc - no dice. Wireshark shows no response coming back from the router at all just the outbound pings. Cannot get any response at all.
Sounds like your serial recovery might be my only option and I've never done any jtag / serial stuff before so any help you can offer would be greatly appreciated.
Posted: Sat Apr 22, 2017 17:51 Post subject: follow up
I found the king pin screw (under the label near the auto / router / bridge switch incase anyone else is looking for it). I got pretty brutal opening the case up, no idea how it could be done neatly and without marking it.
I seem to have a slightly different version of the build than yours it reads "WRTR-297GN_V01A" but it looks like the same layouts etc. It is the "WHR-300HP2D" version that originally comes with ddwrt pre-installed so maybe that explains it.
I found the location of the serial pins and they look to be the same. Now I have some general questions about your serial connection:
1. From my understanding I'll need a USB to TTL Serial cable but what voltage will I need? (I don't have any real need for one aside from recovering this dead router so would prefer to just get the specific one I need for this model rather than all the different variants)
2. In what order are the pins for the serial?
3. Can you give me an idea of the commands you ran once you had a serial connection?
Google dd-wrt serial recovery. I have a link in there for that type of cable you need.
Don't hook up any voltage. Only ground, tx and rx. _________________ I am far from a guru, I'm barely a novice.
Posted: Sun Apr 23, 2017 7:27 Post subject: Thanks
Cool thanks! I ordered the one you mentioned on that wiki article. I was confused by the the level shifting stuff.
I've also added a cheap multi meter so i can try to work out which is the grnd, tx and rx.
My understanding is that I need to:
1. Find the ground pin. There will be 0 or comparatively very low resistance between that pin and a known ground point - the vcc / tx / rx will be higher?
2. Once I know ground, the vcc will be static at 3.3 volts - I can ignore this pin right?
3. Finally to determine the rx vs tx, the tx should have a higher voltage reading (particularly during power on of the router)?
so once i have these I can solder a few pins on and attempt a connection?
if I get the Tx and Rx around the wrong way can I damage the board?
Joined: 04 Jan 2007 Posts: 11564 Location: Wherever the wind blows- North America
Posted: Mon Apr 24, 2017 21:43 Post subject: Re: Thanks
HaCKeRReKCaH wrote:
Cool thanks! I ordered the one you mentioned on that wiki article. I was confused by the the level shifting stuff.
I've also added a cheap multi meter so i can try to work out which is the grnd, tx and rx.
My understanding is that I need to:
1. Find the ground pin. There will be 0 or comparatively very low resistance between that pin and a known ground point - the vcc / tx / rx will be higher?
2. Once I know ground, the vcc will be static at 3.3 volts - I can ignore this pin right?
3. Finally to determine the rx vs tx, the tx should have a higher voltage reading (particularly during power on of the router)?
so once i have these I can solder a few pins on and attempt a connection?
if I get the Tx and Rx around the wrong way can I damage the board?
Square pin is Pin 1...this is +3.3V, pin 2 is Receive (connect to Transmit of serial converter)....pin 3 is Transmit (connect to the
Receive of the serial converter)...pin 4 is ground.
switching T/R will do no harm. I always connect the +3.3V pin as well. I have disconnected it for test purposes...and it does act the same. It may not be needed...but it won't hurt to connect it.
+3.3V - Pin 1
R
T
GND - Pin 4
redhawk _________________ The only stupid question....is the unasked one.