Madscientist's quest for the successful jtag recovery


Joined: 25 Jul 2008
Posts: 52

Posted: Tue Aug 25, 2009 13:01    Post subject: Madscientist's quest for the successful jtag recovery
This kept me entertained for quite some time and I believe others might be interested in this too (especially, since everything went wrong which could or could not go wrong):

A few weeks ago I bricked my Netgear 614L (European version). I played around with jffs and as is speculated somewhere else in this forum this killed that thing. After switching it on, for 20-30sec power and test LED would be solid and then power would start blinking. I could ping it (TTL=100) and send via tftp firmware to it, but nothing would bring it out of this state.
I tried a serial cable (cheap Nokia CA42 clone), but the 614L would not send any messages. I still don't know if it was the cable or the router, but I knew I would need a JTAG cable.
At I found a description of how to build a jtag cable for the 614L and I did so. Of course I knew where to find tjtagv3 software. But it wasn't there! Fortunately, Tornado is a really helpful guy. Finally, I could start to talk to the router and it would tell me something.
From other topics in the forum I knew I had to specify the flash chip because it would not be recognized automatically. The bad thing is also the CPU would only be recognized from time to time. But after a few tries I was able to flash the CFE (I had a backup). To test if the flash was successful I did a backup of the CFE and got rubbish. I tried a second time and got different rubbish. I flashed the CFE again. But still a backup would give me nice and unpredictable rubbish. Something must be wrong!
I checked the cable, but it was o.k. and in any case I could flash and backup. So communication was working... in a sense... I remembered that someone somewhere said jtag cables should be short to avoid noise. Well, my cable was two meters long, unshielded and the connector would plug into a parallel port which was located just next to a wireless card.
I shortened the cable, moved the parallel port (it's just a bracket connected via cable to the mainboard) and wrapped the cables in aluminum foil. Now a backup of the CFE would give back something which was at least looking like a CFE. I re-checked the cables, re-soldered the pins of the jtag header and improved cable shielding. Finally, two backups would really be the same.
Now we can go on to the real work. Fortunately, Tornado had sent me in the meantime the boarddata of his 614L (which is a specialty of the 614L which I had not as a backup). But tjtag would not work! It was just stuck whenever it should erase or flash anything, only backup was fine. Of course I knew it was working before. I had already flashed the CFE, erased the kernel and nvram. That meant, I broke the cable! I re-checked the cables, re-soldered the pins of the jtag header (but didn't change cable shielding). Still nothing...
Had it really worked before? There is no real proof because after "successfully" flashing the CFE the behavior of the router didn't change a bit. Maybe it was never corrupt, the problem could well be just corrupt boarddata. And backups of kernel and nvram showed that there is still the old stuff in there despite having been erased already. I came to the conclusion that tjtag had never worked correctly. It had been fooled by the noise and thought it would work when it didn't.
Before dumping the router I tried another computer: no success... I sent some information to Tornado and asked for some last ideas. They came in the form of a new version of the tjtag code.
I erased nvram and kernel (this time really successfully), flashed the bdata, tftp'd the firmware and now that thing is running! Damn! It could have been so easy if I would have made some proper work at the beginning (and if that router would not exist in different versions)!

Some final thoughts:
I never expected jtagging to be that complicated! And now I can understand why so many people had no success with it. Without Tornado's help my 614L would now lie on the bottom of a trash bin.

Cheers and special thanks to Tornado
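
The check the post arrives at, that a flash counts only once repeated readbacks agree with each other and with the image that was written, sketched as an added example (not from the original thread and not part of tjtag). The function names are hypothetical and the byte strings are constructed sample data standing in for dump files.

```python
import hashlib

def diff_runs(a: bytes, b: bytes) -> list:
    """(offset, length) runs where two equal-length dumps disagree."""
    runs, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, len(a) - start))
    return runs

def flipped_bits(a: bytes, b: bytes) -> int:
    """Number of differing bits; a few scattered flips points at line noise."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def classify(written: bytes, readbacks: list) -> str:
    """Judge a flash attempt from the image written and >= 2 independent readbacks."""
    if len(readbacks) < 2:
        raise ValueError("need at least two independent readbacks")
    if any(len(r) != len(written) for r in readbacks):
        return "UNSTABLE"            # truncated or oversized dump
    if len({hashlib.sha256(r).digest() for r in readbacks}) > 1:
        return "UNSTABLE"            # readbacks disagree: do not trust the link
    if readbacks[0] != written:
        return "STABLE_MISMATCH"     # clean link, but erase/program did not take
    return "VERIFIED"

def flip(data: bytes, flips: list) -> bytes:
    """Sample-data helper: XOR the given (offset, mask) pairs into a copy of data."""
    buf = bytearray(data)
    for off, mask in flips:
        buf[off] ^= mask
    return bytes(buf)

# Constructed sample data, not real firmware.
IMAGE = bytes(range(256)) * 4                              # image we meant to write
NOISY = flip(IMAGE, [(100, 0x04), (101, 0x01), (700, 0x80)])
OLD = b"\xaa" * len(IMAGE)                                 # stale flash contents

if __name__ == "__main__":
    print(classify(IMAGE, [IMAGE, NOISY]), diff_runs(IMAGE, NOISY))
    print(classify(IMAGE, [OLD, OLD]))
    print(classify(IMAGE, [IMAGE, IMAGE]))
```

The three outcomes correspond to the three stages in the post: differing backups over a noisy cable, identical backups that still held the old contents, and the final working flash.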

Joined: 20 Sep 2006
Posts: 17623
Location: Hesse/Germany

Posted: Tue Aug 25, 2009 13:27
tftp flash the netgear fw and then reload ddwrt

Joined: 25 Jul 2008
Posts: 52

Posted: Tue Aug 25, 2009 14:03
I'm not 100% sure what you mean. But yes, I tftp'd the original Netgear firmware and then (but not yet done ;) ) dd-wrt.
DD-WRT Novice

Joined: 29 Jul 2012
Posts: 3

Posted: Thu Apr 28, 2016 2:34
When you said you tftp'd the netgear firmware, are you saying the one with a "chk" file extension? Does this work?

Joined: 23 Jul 2014
Posts: 733
Location: BC, CA

Posted: Thu Apr 28, 2016 5:35
You are digging up a very old thread from 2009, so there is a very slim chance that you will get a reply from the original poster.

I believe the Netgear firmware that the OP means is the stock firmware from Netgear.
All times are GMT