TFTP flash

From DD-WRT Wiki

Jump to: navigation, search

Contents


[edit] General

This article describes how to do an initial flash or a TFTP recovery flash for your device.

  1. Unplug the router, get a TFTP client for the PC, and connect it via network cable to a router LAN port
  2. Set a fixed IP address on the PC with the same network as your router, e.g. Router: 192.168.1.1, PC: 192.168.1.2
  3. Get a known good DD-WRT release. Use the Supported_Devices, the device wiki, or the forum for recommended files.
    • For recovering a bad flash, the OEM firmware might be required
    • Use a mini build for 4+ MB flash devices (when possible) or micro build for 2 MB flash devices
  4. Setup the TFTP client, then start a continuous ping (-t switch is needed for this in Windows) to the router
  5. Plug in the router and start the TFTP client as soon as there is a TTL=100 ping response. The client should show transfer.

[edit] Special Asus TFTP Flashing Procedures

Some routers like the Asus WL-500xx series (WL-500G, WL-500G Premium, WL-500W, WL-500G Deluxe), need additional steps to perform a complete and proper initial flash. See this wiki page: Asus TFTP Flash

[edit] Special Netgear NMRP Flashing Procedures

Netgear router may require NMRP instead of TFTP.

[edit] Special for Vista, Win7 and Win 2008

In order to catch the narrow window for TFTP flash, you should use platforms with simple TCP/IP implementations that don't have CTCP implemented: Windows XP or Linux are reported to work, but some have reported significant problems with Vista, Windows 7 or Windows 2008.

  • For more information see this posting

Edit: While some may have reported problems, CTCP is definitely not the issue, because it is disabled by default in Windows Vista and Windows 7. So unless people are specifically turning it on, it isn't running. I personally just used TFTP on my router with no difficulties, although mine is a Netgear WNDR3700 that was waiting for a TFTP flash and didn't have this race condition at boot as some of these routers seem to. But again, even if you have an issue it's not CTCP. Check out the wikipedia article on CTCP for information on how to check if it is running and how to disable it (both are simple command line entries).

If having issues, try connecting a separate network switch between the PC and router, so the PC network port sees a connection before the router port is up. This should allow for a faster ping reply. Then follow the instructions as normal.

[edit] Special for Linksys WRT54GL Users

If the router seems to be bricked so that the power light is constantly blinking and pinging the router results in TLL=100 continuously, then there is still a great chance that tftp can help. Firstly you must flash the router with the original firmware available at Linksys homepage www.linksys.com, since flashing it with DD-WRT probably won't give any result at all. Then do a 30/30/30 and after that you can flash with DD-WRT Mini. The initial flashing can be done with only the mini version, perhaps later you can move on to bigger versions of it.

[edit] TFTP Tools

With TFTP, all of the information about the transfer is specified during the initial command/setup; there is very little client/server interaction compared with standard FTP.

[edit] Windows

  • Windows XP command line TFTP client is by default enabled
  • Vista and Win7 command line TFTP needs enabled:
    • Control Panel -> Programs and Features -> Windows Features -> then check mark TFTP Client
  • Windows GUI TFTP utilities:
- The server/IP address is that of the router being flashed.
- Leave the password blank.
- Navigate and select the firmware you wish to flash.
- Set retries to a number between 10 and 99.
  • Philippe Journin's tftpd64 TFTP client (plus various servers: TFTP, DHCP, Syslog, and Log viewer)
-Set the Server interface, Host IP, Local File, then click Put right after starting the router's TFTP server
-Download page also provides tftp32
  • DrayTek Router Tools: This program will run all those pesky TFTP commands with a push of a button.
ftp://ftp.draytek.com/Utility/Firmware%20Upgrade/ or https://www.draytek.com/products/utility/

[edit] Linux

  • tftp (official)
    • Arch Linux: install as root with pacman -S tftp-hpa
    • Ubuntu: install as root with apt-get install tftp
  • atftp: See Using atftp on Linux for details including usage, description, and examples
  • curl can also be used for tftp transfer: curl -T {file} tftp://192.168.1.1

[edit] Mac OS X

  • OS X ships with a command-line TFTP client.

connect 192.168.1.1

binary
rexmt 1
timeout 60
put dd-wrt.vXX_XXX.XXX

[edit] Windows

[edit] Command Line

This example is after a bricked update, using a Belkin f5d130uk (which has a bootloader built in, no need for redboot)

  • ping the router permanently, by running in Start > Run:
 ping -t 192.168.2.1 -t

and see if it is responding, e.g. like this

 64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=2.90 ms
 64 bytes from 192.168.2.1: icmp_seq=2 ttl=64 time=0.264 ms
 64 bytes from 192.168.2.1: icmp_seq=3 ttl=64 time=1.44 ms
  • reboot the router via web-if or powercycle (the ping response will stop)
  • if you see the the first ping response again ...
 From 192.168.2.1 icmp_seq=1 Destination Host Unreachable
 From 192.168.2.1 icmp_seq=2 Destination Host Unreachable
 64 bytes from 192.168.2.1: icmp_seq=3 ttl=128 time=2.90 ms
 64 bytes from 192.168.2.1: icmp_seq=4 ttl=128 time=3.50 ms
 64 bytes from 192.168.2.1: icmp_seq=5 ttl=128 time=0.90 ms

... you will have to start the tftp upload in binary mode immediately after the first pings responses. The TTL of the boot tftp server will be 100 or 128. It usually does 5 pings responses, after that it will boot the firmware in flash, this is the right time to flash (the TTL of DD-WRT is only 64). If the upload doesn't work the first time, then you have to try the first steps again. you have to be very fast! ;-) Maybe you will have to reset the device via reset button a few times to get the tftp boot working (Siemens, Belkin and similar hardware).

 tftp -i 192.168.2.1 put dd-wrt.vXX_XXX.XXX
  • wait a few seconds (be patient! don't reset the router! keep waiting!) when the upload is successful, change your computer's IP address to 192.168.1.10, and the router will start responding at 192.168.1.1 with DD-WRT
  • user name: root, password: admin
  • always do a hardware factory reset after the successful flashing!

[edit] Linksys TFTP GUI

Linksys has a GUI flash utility

Special for Vista, Win7 and Win 2008
In order to catch the narrow window for TFTP flash, you should use platforms with simple TCP/IP implementations that don't have CTCP implemented: Windows XP or Linux are reported to work, but some have reported significant problems with Vista, Win7 or W2K8.
  • For more information see this posting

Here are the setup and use instructions for the TFTP utility. Both the Linksys original and a Linksys updated copy can be found here TFTP

  1. Set your computer hardware adapter to a static IP address within the same subnet as the router's original firmware (ex...set a static of 192.168.11.10 if your router's default IP address is 192.168.11.1). Set the net mask to 255.255.255.0.
  2. Start the TFTP utility.
    • The Server/IP address is that of the router being flashed.
    • Leave the password blank.
    • Navigate and select the firmware you wish to flash.
    • Set retries to 10.
  3. Now plug the ethernet cable from your computer into a LAN port of the router.
  4. Unplug the router, plug it back in, and immediately hit the Upgrade button on the TFTP utility.
    • If the router does not flash immediately stop the attempts and vary the timing from when you plug the unit in to the time you hit the start button. I have had good luck flashing within the first 1/2 second of reapplying powering the device.
    • Tip: ping the router continuously. Start > Run > ping -t 192.168.x.x -w 10. Power cycle the router (or tap the reset button) then press Upgrade as soon as you get the first ping reply.
  5. Once it flashes and you receive the Success message. Wait for a full 2 minutes while the new firmware flash configures itself. DO NOT power down the router!
  6. After the 2 minutes do a Hard reset or 30/30/30 on the router, then configure at 192.168.1.1 (DD-WRT's default IP address). The default DD-WRT username/password is root/admin.

[edit] Mac OS X

OS X ships with a command-line TFTP client.

First, download the firmware file and put it in your user folder (/Users/yourusername/).

Then connect your computer directly to your router via ethernet. Go to System Preferences > Network. Click on "Ethernet" in the left panel and change "Configure IPv4" to "Manually". Then change "IP address" to 192.168.1.x (where x is any number between 2 & 255).

Then copy & paste the following text into a text editor:

 connect 192.168.1.1
 binary
 rexmt 1
 timeout 60
 put dd-wrt.vXX_XXX.XXX

Change the last line to the filename of the firmware file, which you just moved to your user folder. Copy the whole thing, including the line break after the last line.

Now open Applications > Utilities > Terminal. Enter:

 tftp

A "tftp>" command prompt will appear. Now press the reset button on your router. On the tftp command line in Terminal, paste (Cmd+v) the text you copied. Since you copied the line break at the end, tftp will execute the command at the moment you paste it. Depending on your router, you may have to paste it multiple times to get the timing right.

If it works, you'll see something like this:

 tftp> connect 192.168.1.1
 tftp> binary
 tftp> rexmt 1
 tftp> timeout 60
 tftp> put dd-wrt.vXX_XXX.XXX
 Sent 1769472 bytes in 9.0 seconds

[edit] Linux

In Linux, tftp can generally be installed with whatever package manager your distribution uses.
on suse:

 smart install tftp

on fedora:

 yum install tftp

on ubuntu

 sudo apt-get install tftp

etc.
The tftp client for Linux and OS X is very similar. When invoked, it gives the user a prompt and takes commands from the standard input.
Binary mode can be set with command-line flags - in OS X, the "-e" flag sets binary mode (among other things which are less important), and in Linux "-m binary". Binary can be set from the prompt in either (this is done below for consistency).

Typical usage looks like:

 tftp 192.168.x.x
 > binary
 > put dd-wrt.vXX_XXX.XXX

Because the transfer must be initiated in a narrow time window during the router's bootup, tftp's retransmit option is useful. In the following sequence of commands, tftp will retry to send the file every second for one minute. This can be issued just before the router is booted, so that it will retry to send every second while the router boots.

 tftp 192.168.x.x
 > binary
 > rexmt 1
 > timeout 60
 > put dd-wrt.vXX_XXX.XXX

If it worked, it will say something like "Sent 1769472 bytes in 9.0 seconds"

If it didn't work, it will say "Transfer timed out." This is often because it cannot connect to the IP address. Make sure you have manually set your computer's IP address to one in the router's subnet.

You can quit tftp with the 'quit' command or hitting ctrl+D.

Many Linksys routers require a special version of tftp that has a simple form of authentication. You can download and compile a special version of tftp that works on these routers from: http://redsand.net/projects/linksys-tftp/linksys-tftp.php (you will need to unpack the tarball and compile the program)

[edit] Using atftp on Linux

Another way of doing this is using atftp. You can install aftp by search it in your package manager.

On Ubuntu:

sudo aptitude install atftp

On Debian (as root):

aptitude install atftp

On Fedora (as root):

yum install atftp

On Suse (as root):

smart install atftp 

Then you go to the folder where you downloaded the official Linksys firmware, for instance if you downloaded it in your desktop:

cd ~Desktop

Unrar the file, for instance if the file is WRT54GL_v4.30.11_012_ETSI_EN_code.rar

unrar x WRT54GL_v4.30.11_012_ETSI_EN_code.rar

Rename the firmware to code.bin.

cp WRT54GL_v4.30.11_012_ETSI_EN_code.bin code.bin

Then you prepare this command (do not press enter yet):

atftp --option "mode octet" --option "timeout  60" --verbose --trace -p -l code.bin 192.168.1.1

Disconnect all your network cables from your router, only leaving one from the computer to the router. Then open another terminal and ping to 192.168.1.1

ping 192.168.1.1

Then unplug and plug back the energy supply and when you see the first ping response from the router you must hit enter in the atftp terminal. Good luck! If everything is alright, you should see a lot of output, from all the transference. At the end you should see the orange/yellow light up. Then you should wait a couple more minutes (you never know what's happening there :D) and then try the Hard reset aka 30/30/30

About the atftp command: we are putting (-p) a local file (-l) called code.bin to the IP address 192.168.1.1 asking for fully information (verbose) and showing all packages (trace), also that it must be trying for one minute (timeout 60) and in octet mode. Remember, if you get "code pattern error", try with the official Linksys firmware. More information:

man atftp 
atftp --help

Important: you should always try atftp with the official firmware and then flashing to DD-WRT with the HTTP webpage on Administration, "Upgrade Firmware"; specially if you get "code pattern error".

Note: if you use Gnome or KDE you can get problems while trying to put your static IP address. Most of the times, applications like NetworkManager (aka nm-applet) or knetworkmanager will try to get a dynamic IP address, so you should first kill them. For example:

sudo killall NetworkManager

or

sudo killall nm-applet

[edit] If Something Goes Wrong

  • If the router fails to reboot (power light doesn't stop flashing, no web interface, etc.), see Recover from a bad flash.
  • Netgear routers may require NMRP (Netgear Management Remote Protocol) instead of TFTP.
    • nmrpflash is available for Windows (NpCap also required), Linux, and MacOS
    • Set a static IP as per TFTP, then run: nmrpflash -L to get the LAN connection for NMRP e.g. for net0
    • Type but do not yet run: nmrpflash -vi net0 -f {firmware}
    • Power off the router, wait 10s, then power up and run the above command
    • This should show a message like: Advertising NMRP server on eth0 … /
    • The first run may give an error: Timeout while waiting for TFTP_UL_REQ
      • Immediately 'up arrow' to bring back the command and re-run it again
    • The transfer could take up to 15min. Reboot after seeing: Remote finished. Closing connection. Reboot...
    • Retry if not working, and run ping' to monitor power-up timing: TTL=100 is for TFTP/NMRP

[edit] Related Links

Recover from a Bad Flash

Flash Your Siemens SE505

TFTP Flashing a Belkin F5D7230 - more detailed notes on flashing the F5D7230 (v1000, specifically)

Asus TFTP Flash - special steps for WL-500gP, WL-500W and WL-500g Deluxe

Using Ubuntu and tftp to flash an Asus WL-500W