So I flashed the latest Kong R6250 build without issue. Transfer rates for the attached USB3.0 drive were around 10MB/s. Then I flashed back to stock Netgear firmware and transfer rates were around 30MB/s. Not sure why the difference, but it is quite significant when transferring big media files.
When I flashed back to stock from DD-WRT I used the reset option. The router booted afterward but would not respond so I got out the USB=>TTL cable and flashed stock firmware again with tftpd32, which worked.
After flashing stock from dd-wrt, I have found netgear routers need to be reset using the reset button and then power cycling. _________________ I am far from a guru, I'm barely a novice.
Last edited by Malachi on Thu Jun 01, 2017 17:08; edited 1 time in total
So I flashed the latest Kong R6250 build without issue. Transfer rates for the attached USB3.0 drive were around 10MB/s. Then I flashed back to stock Netgear firmware and transfer rates were around 30MB/s. Not sure why the difference, but it is quite significant when transferring big media files.
When I flashed back to stock from DD-WRT I used the reset option. The router booted afterward but would not respond so I got out the USB=>TTL cable and flashed stock firmware again with tftpd32, which worked.
Yeah nothing to do with USB. On my 6250 I can make reads up to 20-22, and writes around 18 or something like that, on a regular HDD formatted NTFS, so that's weird, are you using ftp or smb?. _________________ R6400v2 (boardID:30) - Kong 36480 running since 03/09/18 - (AP - DNSMasq - AdBlocking - QoS) R7800 - BS 31924 running since 05/26/17 - (AP - OpenVPN Client - DNSMasq - AdBlocking - QoS) R7000 - BS 30771 running since 12/16/16 - (AP - NAS - FTP - SMB - OpenVPN Server - Transmission - DDNS - DNSMasq - AdBlocking - QoS) R6250 - BS 29193 running since 03/20/16 - (AP - NAS - FTP - SMB - DNSMasq - AdBlocking)
After flashing stock from netgear, I have found netgear routers need to be reset using the reset button and then power cycling.
The Kong DD-WRT flash from stock booted right up. But the flash back to Netgear firmware wouldn't boot. I tried resetting but no change so I flashed again via USB=>TTL cable.
Xeon2k8 wrote:
Yeah nothing to do with USB. On my 6250 I can make reads up to 20-22, and writes around 18 or something like that, on a regular HDD formatted NTFS, so that's weird, are you using ftp or smb?.
Think it was smb with NTFS drive. Actually, the stock USB transfer rates can peak well over 30MB/s (have seen over 50MB/s on LAN transfers). DD-WRT never got over 10MB/s and was often closer to 6MB/s.
Posted: Mon Jun 19, 2017 20:22 Post subject: Re: Boot Wait Isnt Enabled By default
and magically the tftp pull for vmlinuz is gone.[/quote]
Net gear bootloader aka cfe just hide help and other intrusion. Simple use usb ttl aka cosole serials. First of all,use tera term VT program for ttl serials that the best automatic aka like putty.Second use tftp like server; set Lan on window to manual 192.168.1.2 and tftpd to fold with you want. Third use cli flash as cfe:> prompt are: "flash -noheader 192.168.1.2:r6300.trx flash1.trx" where "r6300.trx" is the firmware ether *.bin or trx or chk. You can even flash with asus merlin firmware too.the only thing that I am not replace cfe from rt-ac68u yet. Don't no if it us compatible yet. If someone can point out pin on bcm Armv71 at 41x7x03x09x0.
I have an r6250 and I'm not making much headway in recovering from a brick.
I have a USB TTL cable installed and I can get to CFE without issue.
I boot, interrupt the sequence with CTRL + C, perform an NVRAM ERASE to clear it back to default. I start the TFTPD client and it shows 'Reading:'
On my computer, which I've already set to the proper IP addresses, I send a firmware to the router using windows default FTPD client (I've also tried FTPD2, etc) and it's successful to a point.
Within Putty I can see that 'Reading' shows 'Reading :: Done"
Board ID : HDR0
Image ID: U12H245T00_NETGEAR
Reading ::
And this is as far as it gets. I've waiting more than 15 minutes and nothing more happens. If I simply perform a restart and do nothing, it'll boot straight into TFPTD Ready mode. Only clue is the line:
Okay; I'm up and running (on Netgear stock firmware, V1.0.4.12_10.1.15)... for now...
I wanted to take the time to provide my steps to people so that others may be able to recover as well.
Through playing with some CFWs, I ended up corrupting something somewhere along the way, honestly; I forget what I had done to cause it. Point being, I was powered on with a blinking green light.
Through initial investigations I was able to ping the router and I could use console commands within windows (10) to tftp a firmware to the router, but nothing ever came of it:
tftp -i <ip> put <firmware>
I'd get a successful message back from the console session, but the router did nothing at all.
I moved forward and purchased this https://www.adafruit.com/product/954 to get myself started. This company did offer a link location for drivers, but Windows 10 did auto-install drivers which worked just fine.
As per the mfg the pins are:
Black -> GND (Pin 2)
White (RX) -> TX (Pin 3)
Green (TX) -> RX (Pin 4)
Red (VCC) Un-used
FIRST MISTAKE was made here. I originally wired up the white and green backwards and although my PuTTY session worked fine, I couldn't interrupt the boot sequence. Nothing was garbled, everything was fine, it just wouldn't interrupt. Other interesting point, I couldn't boot the router from a powered off state with the USB plugged in. I had to power the router on, plug the USB in, start the PuTTY console and attempt to interrupt. So if you're experiencing similar, double and triple check your wiring.
Once I remedied all of these things, I could boot the router and interrupt just fine.
Onto my next issues, sending a firmware over to the router.
Following the guides listed, I could send a firmware, but the router was not taking it. Rather, once I sent it and getting confirmation from console, the router would continue saying 'Ready' as though it needed something more. Even leaving it for a period of time resulted in no change of note (left it overnight).
From a powered off router, power it on and interrupt using CTRL+C to get into CFE
Once you're into CFE, perform an nvram erase just to get that out of the way.
In a seperate command prompt window (not CFE/Putty), have your firmware ready to be sent using the following line from the location of the firmware on your computer. IE: If your firmware is in C:\firmware -- run the command from that location:
tftp -i 192.168.1.1 put <firmware>
Since I was putting the NetGear stock firmware back on, I used:
tftp -i 192.168.1.1 put R6250-V1.0.4.12_10.1.15.chk
The important part here is 'ready to be sent' but don't actually send it yet.
In PuTTY - issue the command flash -noheader : flash0.trx
The window will change to TFTPD mode and waiting to accept a file.
In the command prompt console, hit enter and your firmware will send across.
What made this different for me from all my other attempts was the router was ready to flash whatever file I sent it whereas before, it wouldn't do anything once the router accepted the file.
Once the router programmed itself it brought me back to the CFE> prompt where I simply issued a reboot and waited for it to start.
Other key note was that I could not use this process to flash, for instance, Kong's firmware. I had to go to stock first.
Hope this helps others out, I struggled with this for a number of days
Thanks for posting the detailed instructions, StabbingHobo. I had to use a USB=>TTL cable as well to get my R6250 up and running again with stock firmware.
Posted: Wed Aug 30, 2017 3:42 Post subject: Re: Also here is some other stuff
sploit wrote:
I am making a very detailed manual on this router. It has been a fun one I will release it in the near future. Here is some basic info to help you guys for now.
The PL2303 HX USB to Serial will work with windows10 with the drivers I included. Make sure and remove any other Bull$hat drivers you probably already installed. It should install as ComPort3 but you will need to check your Windows Device Manager to see what it installs as.
Dismantle the router and flip the board over to expose the pins. All of the Netgear R6300v2 have them.
J252 Jumper = RX = Green
Pin 3 = TX = White
Pin 2 = Ground
DO NOT HOOK UP RED WIRE
1) Unplug the router from main power pack.
2) Use a USB Serial Connector (As Pictured). I use a PL2303 HX from EBay. They cost about $3.00 I have the drivers for windows 10. Get one with the standard usb colors shown above, because it is easy to identify what is what by the color coding. (Red is Power, Black is Ground, White is Transmit, Green is Receive) DO NOT HOOKUP THE RED WIRE ON THIS UNIT.
3) Make sure Power button is in off position.
4) Plug in power pack.
5) Connect using Putty: Com Port 3, 115200,8,N,1 and Flow Control Off.
6) Use Router Power Button to Power On.
7) Stop the Boot Process by Rapidly Pressing Keyboard Keys CTRL-C-Enter in that order over and over after you see the “FoxConn” Message for loading. You should drop to the CFE> Prompt. If you miss it, restart the process by turning the router power switch off and on.
If you have a CH Model then type “burnboardid U12H240T00_NETGEAR” without quotations and press ENTER. This will convert the board id to a regular r6300v2.
9) You can now flash whatever initial firmware you want by typing tftpd which will start the tftp daemon on the router and it will listen for firmware to be transferred.
*** Note *** Do not use the crappy Linksys tftp2 program. Use tftp with linux or tftp from windows or another tftp program. The tftp2 program from Linksys will timeout on larger firmware images.
10) Power off Unit and Disconnect USB when done.
This unit does not really need a serial cable for recovery if you know what you are doing
The reason is because it has two failsafes.
1) The vmlinuz file
2) Enters TFTPD mode automatically upon bad firmware.
*** special notes ***
1) If your r6300v2 router is pinging ttl=100 continuously it is waiting for firmware via tftp
2) If it briefly pings ttl=100 (Maybe 4 times) then that time it is looking for the vmlinuz file from a tftp SERVER at 192.168.1.2
To all newbies a tftp server is different than a client. A client application is like tftp, or the linksys tftp2 program. A tftp server actually hosts files like a directory or http server. Understand that there is a major difference.
3) If you have a blue stripe on the bottom of your rouyer then you have a r6300v2CH and to recover you will need a.R6300v2CH Firmware file.
4) If you have a Yellow Stripe on the router it is a R6300v2.
Kong has a ddwrt file for both.
More to come when I have time. Been really busy lately.
I had a PL2303 handy and this tutorial saved my bacon!
Posted: Thu Aug 31, 2017 17:38 Post subject: Re: Netgear R6300v2 Advanced Debrick Notes By Sploit
sploit wrote:
Please leave comments on this to help other users and keep the thread active once it works for you. It helps other users having your same problems....
Advanced Debrick Guide for the r6300v2 by sploit
This router actually has a very sophisticated smart boot process.
On boot, “if” you are running Netgear Stock firmware and after passing a quick CRC check it will boot the Netgear Firmware and Never attempt to start a TFTP Daemon no matter what you do with the buttons.
following your inspired, why you keep non-convenience CFE. how about converting a bad router into a permanant unbrickable aka a zombie router with upgradable to r7000 with a vey easy way to flash FW throught usb port by a wireless usb serial device with step by step Guide line. Stay tune...will comming soon...
I have followed your troubleshooting steps and managed to get the router to load your vmlinuz via TFTP. I have tried blank and many other passwords to log in via SSH & web interface but nothing seems to get me in. Did you set a password on your build? If yes, then can you tell me, please?
Posted: Mon Oct 09, 2017 7:17 Post subject: Re: password
sploit wrote:
default username and pass of
root / admin
Thank you! My router has been brought back to life
I erased the firmware and put Kong's build (dated 2017-10-0 using tftp. I had to erase firmware because it would not allow me to flash the firmware and kept giving me "image check failed" error. Even though the firmware was downloaded from Netgear's site.
I will update my post with the steps I took to recover my R6300V2 so it could help someone else like me in the future.
Posted: Wed Oct 25, 2017 8:03 Post subject: Bricked R6300V2 with V1 Firnware
I have a R6300V2 and I accidentally flashed the version 1 firmware image
I got the vmlinuz loaded and an SSH window open (I put the router away for the night so I assume I have to reload the vmlinuz image when I get to it again)
anyway what am I supposed to type in the SSH window?
I know the username/password but what do I type to actually load the correct firmware? I am using the putty program.
Posted: Thu Oct 26, 2017 0:01 Post subject: Nevermind I figured it out
I had to use a TTL cable which I already had as I program remotes with it (Known as JP1)
I have the Charter version (I actually have Charter but I bought the router on eBay)
I was doing it wrong I did not know after I got to the CFE prompt once I typed "TFTPD" that I was supposed to open a TFTP window
I thought it had something to do with the VMLINUZ file and SSH boy I was wrong
Anyway I flashed a Charter firmware and it now works and I will now be more careful flashing my routers
I also have a Netgear WNDR4500V1 that I recently flashed to a newer build (That file is also applicable to the R6300 but only the version 1 (That is where I screwed up as I have the R6300V2