Netgear R6300v2 Advanced Debrick Notes By Sploit

LemmingFactory
DD-WRT Novice


Joined: 13 Apr 2017
Posts: 13

Posted: Thu Jun 01, 2017 14:45
So I flashed the latest Kong R6250 build without issue. Transfer rates for the attached USB3.0 drive were around 10MB/s. Then I flashed back to stock Netgear firmware and transfer rates were around 30MB/s. Not sure why the difference, but it is quite significant when transferring big media files.

When I flashed back to stock from DD-WRT I used the reset option. The router booted afterward but would not respond so I got out the USB=>TTL cable and flashed stock firmware again with tftpd32, which worked.

Not sure if related to low USB throughput, but this link explains why LAN throughput is lower with DD-WRT, because it does not use Broadcom CTF hardware acceleration: https://www.snbforums.com/threads/broadcoms-hardware-acceleration.18144/
Malachi
DD-WRT Guru


Joined: 17 Jul 2012
Posts: 7209
Location: Columbus, Ohio

Posted: Thu Jun 01, 2017 16:00
After flashing stock from dd-wrt, I have found netgear routers need to be reset using the reset button and then power cycling.
_________________
I am far from a guru, I'm barely a novice.


Last edited by Malachi on Thu Jun 01, 2017 17:08; edited 1 time in total
Xeon2k8
DD-WRT Guru


Joined: 11 Feb 2016
Posts: 1288

Posted: Thu Jun 01, 2017 16:20
LemmingFactory wrote:
So I flashed the latest Kong R6250 build without issue. Transfer rates for the attached USB3.0 drive were around 10MB/s. Then I flashed back to stock Netgear firmware and transfer rates were around 30MB/s. Not sure why the difference, but it is quite significant when transferring big media files.

When I flashed back to stock from DD-WRT I used the reset option. The router booted afterward but would not respond so I got out the USB=>TTL cable and flashed stock firmware again with tftpd32, which worked.

Not sure if related to low USB throughput, but this link explains why LAN throughput is lower with DD-WRT, because it does not use Broadcom CTF hardware acceleration: https://www.snbforums.com/threads/broadcoms-hardware-acceleration.18144/

Yeah, nothing to do with USB. On my 6250 I can make reads up to 20-22, and writes around 18 or something like that, on a regular HDD formatted NTFS, so that's weird. Are you using ftp or smb?

_________________
R6400v2 (boardID:30) - Kong 36480 running since 03/09/18 - (AP - DNSMasq - AdBlocking - QoS)
R7800 - BS 31924 running since 05/26/17 - (AP - OpenVPN Client - DNSMasq - AdBlocking - QoS)
R7000 - BS 30771 running since 12/16/16 - (AP - NAS - FTP - SMB - OpenVPN Server - Transmission - DDNS - DNSMasq - AdBlocking - QoS)
R6250 - BS 29193 running since 03/20/16 - (AP - NAS - FTP - SMB - DNSMasq - AdBlocking)
LemmingFactory
DD-WRT Novice


Joined: 13 Apr 2017
Posts: 13

Posted: Thu Jun 01, 2017 16:47
Malachi wrote:
After flashing stock from netgear, I have found netgear routers need to be reset using the reset button and then power cycling.

The Kong DD-WRT flash from stock booted right up. But the flash back to Netgear firmware wouldn't boot. I tried resetting but no change so I flashed again via USB=>TTL cable.

Xeon2k8 wrote:
Yeah, nothing to do with USB. On my 6250 I can make reads up to 20-22, and writes around 18 or something like that, on a regular HDD formatted NTFS, so that's weird. Are you using ftp or smb?

Think it was smb with NTFS drive. Actually, the stock USB transfer rates can peak well over 30MB/s (have seen over 50MB/s on LAN transfers). DD-WRT never got over 10MB/s and was often closer to 6MB/s.
deslatha
DD-WRT User


Joined: 12 Jul 2016
Posts: 187

Posted: Mon Jun 19, 2017 20:22    Post subject: Re: Boot Wait Isnt Enabled By default
and magically the tftp pull for vmlinuz is gone.

The Netgear bootloader, aka CFE, just hides help and other intrusion. Simply use a USB TTL, aka console serial. First of all, use the Tera Term VT program for TTL serial; it is the best, automatic, like PuTTY. Second, use tftp as a server; set the LAN on Windows to manual 192.168.1.2 and tftpd to the folder you want. Third, use the CLI flash at the cfe:> prompt: "flash -noheader 192.168.1.2:r6300.trx flash1.trx", where "r6300.trx" is the firmware, either *.bin or trx or chk. You can even flash with Asus Merlin firmware too. The only thing is that I have not replaced CFE from rt-ac68u yet. Don't know if it is compatible yet. If someone can point out pin on bcm Armv71 at 41x7x03x09x0.
StabbingHobo
DD-WRT Novice


Joined: 11 Jul 2017
Posts: 2

Posted: Tue Jul 11, 2017 2:59
I have an r6250 and I'm not making much headway in recovering from a brick.

I have a USB TTL cable installed and I can get to CFE without issue.

I boot, interrupt the sequence with CTRL + C, perform an NVRAM ERASE to clear it back to default. I start the TFTPD client and it shows 'Reading:'

On my computer, which I've already set to the proper IP addresses, I send a firmware to the router using windows default FTPD client (I've also tried FTPD2, etc) and it's successful to a point.

Within Putty I can see that 'Reading' shows 'Reading :: Done'
Board ID : HDR0
Image ID: U12H245T00_NETGEAR
Reading ::

And this is as far as it gets. I've waited more than 15 minutes and nothing more happens. If I simply perform a restart and do nothing, it'll boot straight into TFTPD Ready mode. Only clue is the line:

Checking CRC...Invalid Boot Block on Disk

Thoughts?
StabbingHobo
DD-WRT Novice


Joined: 11 Jul 2017
Posts: 2

Posted: Tue Jul 11, 2017 18:41
Okay; I'm up and running (on Netgear stock firmware, V1.0.4.12_10.1.15)... for now...

I wanted to take the time to provide my steps to people so that others may be able to recover as well.

Through playing with some CFWs, I ended up corrupting something somewhere along the way, honestly; I forget what I had done to cause it. Point being, I was powered on with a blinking green light.

Through initial investigations I was able to ping the router and I could use console commands within windows (10) to tftp a firmware to the router, but nothing ever came of it:

tftp -i <ip> put <firmware>

I'd get a successful message back from the console session, but the router did nothing at all.

I moved forward and purchased this https://www.adafruit.com/product/954 to get myself started. This company did offer a link location for drivers, but Windows 10 did auto-install drivers which worked just fine.

I wired it up following these jumper points within the router itself. This did require cutting off the jumpers and soldering, as no pins are available in this model: http://photobucket.com/gallery/http://s1336.photobucket.com/user/two2tangle/media/R56250-serial-connections_zps81203a56.jpg.html

As per the mfg the pins are:
Black -> GND (Pin 2)
White (RX) -> TX (Pin 3)
Green (TX) -> RX (Pin 4)
Red (VCC) Un-used

FIRST MISTAKE was made here. I originally wired up the white and green backwards and although my PuTTY session worked fine, I couldn't interrupt the boot sequence. Nothing was garbled, everything was fine, it just wouldn't interrupt. Other interesting point, I couldn't boot the router from a powered off state with the USB plugged in. I had to power the router on, plug the USB in, start the PuTTY console and attempt to interrupt. So if you're experiencing similar, double and triple check your wiring.

I configured PuTTY, my computer's local IP, etc. as per this guide https://www.myopenrouter.com/article/how-debrick-your-wnr3500lv2-using-windows-and-usb-ttl-cable and https://www.myopenrouter.com/article/how-debrick-or-recover-netgear-r7000-r6300v2-or-r6250-wi-fi-routers. Again; double and triple check your settings. Originally I had overlooked the Flow Control option, which although I don't know if it caused me issue (see above), it was definitely overlooked.

Once I remedied all of these things, I could boot the router and interrupt just fine.

Onto my next issues, sending a firmware over to the router.

Following the guides listed, I could send a firmware, but the router was not taking it. Rather, once I sent it and got confirmation from console, the router would continue saying 'Ready' as though it needed something more. Even leaving it for a period of time resulted in no change of note (left it overnight).

This guide saved me: https://wiki.openwrt.org/doc/techref/bootloader/cfe#bcm47xx_cfe

Specifically the input:

flash -noheader : flash0.trx

This is the process (for me) to have this work.

From a powered off router, power it on and interrupt using CTRL+C to get into CFE

Once you're into CFE, perform an nvram erase just to get that out of the way.

In a separate command prompt window (not CFE/Putty), have your firmware ready to be sent using the following line from the location of the firmware on your computer. IE: If your firmware is in C:\firmware -- run the command from that location:

tftp -i 192.168.1.1 put <firmware>

Since I was putting the NetGear stock firmware back on, I used:

tftp -i 192.168.1.1 put R6250-V1.0.4.12_10.1.15.chk

The important part here is 'ready to be sent' but don't actually send it yet.

In PuTTY - issue the command flash -noheader : flash0.trx

The window will change to TFTPD mode and waiting to accept a file.

In the command prompt console, hit enter and your firmware will send across.

What made this different for me from all my other attempts was the router was ready to flash whatever file I sent it whereas before, it wouldn't do anything once the router accepted the file.

Once the router programmed itself it brought me back to the CFE> prompt where I simply issued a reboot and waited for it to start.

Other key note was that I could not use this process to flash, for instance, Kong's firmware. I had to go to stock first.

Hope this helps others out, I struggled with this for a number of days :)
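
An added pre-flash check, not part of the original post and not code from DD-WRT, Netgear or CFE: it classifies an image as TRX or Netgear .chk by its magic bytes and, for a .chk, compares the embedded board ID with the one you expect before the file goes anywhere near tftp. The header layouts (28-byte little-endian TRX header with "HDR0" magic, 40-byte big-endian .chk header with "*#$^" magic followed by the board ID) are assumptions taken from the commonly documented formats, and the sample images are constructed; the board IDs are the two quoted in this thread. A TRX carries no board ID, so only its length and CRC can be checked.

```python
import struct
import zlib

TRX_MAGIC = b"HDR0"   # Broadcom TRX container
CHK_MAGIC = b"*#$^"   # Netgear .chk wrapper
CHK_FIXED = 40        # assumed size of the fixed .chk header; board ID string follows

def trx_crc(body: bytes) -> int:
    # Assumed TRX convention: CRC32 without the final inversion zlib applies.
    return ~zlib.crc32(body) & 0xFFFFFFFF

def build_trx(payload: bytes) -> bytes:
    """Constructed sample image: 28-byte TRX header plus payload."""
    body = struct.pack("<I3I", 1 << 16, 28, 0, 0) + payload  # version/flags, offsets
    return TRX_MAGIC + struct.pack("<II", 28 + len(payload), trx_crc(body)) + body

def build_chk(board_id: bytes, inner: bytes) -> bytes:
    """Constructed sample .chk: checksum fields are zeroed and not verified here."""
    fixed = struct.pack(">4sI8s6I", CHK_MAGIC, CHK_FIXED + len(board_id),
                        bytes(8), 0, 0, len(inner), 0, 0, 0)
    return fixed + board_id + inner

def inspect_image(data: bytes, expected_board: str) -> dict:
    """Classify an image and report whether its header is self-consistent."""
    magic = data[:4]
    if magic == TRX_MAGIC and len(data) >= 28:
        length, crc = struct.unpack_from("<II", data, 4)
        ok = length == len(data) and crc == trx_crc(data[12:])
        return {"type": "trx", "board_id": None, "ok": ok}
    if magic == CHK_MAGIC and len(data) >= CHK_FIXED:
        (hdr_len,) = struct.unpack_from(">I", data, 4)
        if not CHK_FIXED <= hdr_len <= len(data):
            return {"type": "chk", "board_id": None, "ok": False}
        board = data[CHK_FIXED:hdr_len].decode("ascii", "replace")
        kernel_len, rootfs_len = struct.unpack_from(">II", data, 24)
        sized = kernel_len + rootfs_len == len(data) - hdr_len
        return {"type": "chk", "board_id": board,
                "ok": sized and board == expected_board}
    return {"type": "unknown", "board_id": None, "ok": False}

if __name__ == "__main__":
    trx = build_trx(b"constructed-kernel-and-rootfs")
    samples = [("plain trx", trx),
               ("truncated trx", trx[:-5]),
               ("R6250 chk", build_chk(b"U12H245T00_NETGEAR", trx)),
               ("R6300v2 chk", build_chk(b"U12H240T00_NETGEAR", trx))]
    for name, img in samples:
        print(name, inspect_image(img, "U12H245T00_NETGEAR"))
```

To check a real download, read the file with `open(path, "rb").read()` and pass the bytes to `inspect_image` together with the board ID your router's serial console reports.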
LemmingFactory
DD-WRT Novice


Joined: 13 Apr 2017
Posts: 13

Posted: Thu Jul 13, 2017 11:28
Thanks for posting the detailed instructions, StabbingHobo. I had to use a USB=>TTL cable as well to get my R6250 up and running again with stock firmware.
tripper22
DD-WRT Novice


Joined: 07 Jan 2009
Posts: 39

Posted: Wed Aug 30, 2017 3:42    Post subject: Re: Also here is some other stuff
sploit wrote:
I am making a very detailed manual on this router. It has been a fun one ;) I will release it in the near future. Here is some basic info to help you guys for now.

The PL2303 HX USB to Serial will work with windows10 with the drivers I included. Make sure and remove any other Bull$hat drivers you probably already installed. It should install as ComPort3 but you will need to check your Windows Device Manager to see what it installs as.

Dismantle the router and flip the board over to expose the pins. All of the Netgear R6300v2 have them.
J252 Jumper = RX = Green
Pin 3 = TX = White
Pin 2 = Ground
DO NOT HOOK UP RED WIRE

1) Unplug the router from main power pack.
2) Use a USB Serial Connector (As Pictured). I use a PL2303 HX from EBay. They cost about $3.00 I have the drivers for windows 10. Get one with the standard usb colors shown above, because it is easy to identify what is what by the color coding. (Red is Power, Black is Ground, White is Transmit, Green is Receive) DO NOT HOOKUP THE RED WIRE ON THIS UNIT.
3) Make sure Power button is in off position.
4) Plug in power pack.
5) Connect using Putty: Com Port 3, 115200,8,N,1 and Flow Control Off.
6) Use Router Power Button to Power On.
7) Stop the Boot Process by Rapidly Pressing Keyboard Keys CTRL-C-Enter in that order over and over after you see the “FoxConn” Message for loading. You should drop to the CFE> Prompt. If you miss it, restart the process by turning the router power switch off and on.
8) If you have a CH Model then type “burnboardid U12H240T00_NETGEAR” without quotations and press ENTER. This will convert the board id to a regular r6300v2.
9) You can now flash whatever initial firmware you want by typing tftpd which will start the tftp daemon on the router and it will listen for firmware to be transferred.
*** Note *** Do not use the crappy Linksys tftp2 program. Use tftp with linux or tftp from windows or another tftp program. The tftp2 program from Linksys will timeout on larger firmware images.
10) Power off Unit and Disconnect USB when done.


This unit does not really need a serial cable for recovery if you know what you are doing :)

The reason is because it has two failsafes.

1) The vmlinuz file
2) Enters TFTPD mode automatically upon bad firmware.


*** special notes ***
1) If your r6300v2 router is pinging ttl=100 continuously it is waiting for firmware via tftp

2) If it briefly pings ttl=100 (Maybe 4 times) then that time it is looking for the vmlinuz file from a tftp SERVER at 192.168.1.2

To all newbies a tftp server is different than a client. A client application is like tftp, or the linksys tftp2 program. A tftp server actually hosts files like a directory or http server. Understand that there is a major difference.

3) If you have a blue stripe on the bottom of your router then you have a r6300v2CH and to recover you will need a R6300v2CH Firmware file.

4) If you have a Yellow Stripe on the router it is a R6300v2.

Kong has a ddwrt file for both.

More to come when I have time. Been really busy lately.


I had a PL2303 handy and this tutorial saved my bacon!

Thanks very much! @sploit
deslatha
DD-WRT User


Joined: 12 Jul 2016
Posts: 187

Posted: Thu Aug 31, 2017 17:38    Post subject: Re: Netgear R6300v2 Advanced Debrick Notes By Sploit
sploit wrote:
Please leave comments on this to help other users and keep the thread active once it works for you. It helps other users having your same problems.... :D


Advanced Debrick Guide for the r6300v2 by sploit



This router actually has a very sophisticated smart boot process.
On boot, “if” you are running Netgear Stock firmware and after passing a quick CRC check it will boot the Netgear Firmware and Never attempt to start a TFTP Daemon no matter what you do with the buttons.



Following your inspiration, why do you keep the inconvenient CFE? How about converting a bad router into a permanently unbrickable, aka zombie, router, upgradable to R7000, with a very easy way to flash FW through the USB port by a wireless USB serial device, with a step-by-step guideline? Stay tuned... coming soon...
khurramt
DD-WRT Novice


Joined: 04 Oct 2017
Posts: 3

Posted: Sat Oct 07, 2017 19:09    Post subject: What is the password of your OpenWRT build for R6300V2?
So I have a post about bricking my Netgear R6300V2 (http://www.dd-wrt.com/phpBB2/viewtopic.php?t=311498&highlight=r6300v2).

I have followed your troubleshooting steps and managed to get the router to load your vmlinuz via TFTP. I have tried blank and many other passwords to log in via SSH & web interface but nothing seems to get me in. Did you set a password on your build? If yes, then can you tell me, please?
sploit
DD-WRT User


Joined: 16 Apr 2016
Posts: 307
Location: California

Posted: Sat Oct 07, 2017 19:12    Post subject: password
default username and pass of

root / admin

_________________
My Karma ran over your Dogma
SploitWorks Custom Flashed Routers
khurramt
DD-WRT Novice


Joined: 04 Oct 2017
Posts: 3

Posted: Mon Oct 09, 2017 7:17    Post subject: Re: password
sploit wrote:
default username and pass of

root / admin


Thank you! My router has been brought back to life :D

I erased the firmware and put Kong's build (dated 2017-10-08) using tftp. I had to erase firmware because it would not allow me to flash the firmware and kept giving me "image check failed" error. Even though the firmware was downloaded from Netgear's site.

I will update my post with the steps I took to recover my R6300V2 so it could help someone else like me in the future.
Format_C
DD-WRT Novice


Joined: 25 Oct 2017
Posts: 29

Posted: Wed Oct 25, 2017 8:03    Post subject: Bricked R6300V2 with V1 Firmware
I have a R6300V2 and I accidentally flashed the version 1 firmware image.

I got the vmlinuz loaded and an SSH window open (I put the router away for the night so I assume I have to reload the vmlinuz image when I get to it again).

Anyway, what am I supposed to type in the SSH window?
I know the username/password but what do I type to actually load the correct firmware? I am using the putty program.
Format_C
DD-WRT Novice


Joined: 25 Oct 2017
Posts: 29

Posted: Thu Oct 26, 2017 0:01    Post subject: Nevermind I figured it out
I had to use a TTL cable, which I already had as I program remotes with it (known as JP1).

I have the Charter version (I actually have Charter but I bought the router on eBay).

I was doing it wrong. I did not know that after I got to the CFE prompt, once I typed "TFTPD", I was supposed to open a TFTP window.

I thought it had something to do with the VMLINUZ file and SSH. Boy, I was wrong.

Anyway, I flashed a Charter firmware and it now works, and I will now be more careful flashing my routers.

I also have a Netgear WNDR4500V1 that I recently flashed to a newer build. (That file is also applicable to the R6300, but only the version 1. That is where I screwed up, as I have the R6300V2.)