twice per second sounds like reboot loop, that's not good...
There must be a way to fix this situation, no?
Perhaps we should all chip in to an OpenWrt brick insurance. We all chip in $5 and next person to brick device can claim.
Yes. Attaching serial console is the first step to know what's going on.
If you don't get anywhere from there (because bootchain fails very early) you got two more options:
- directly connect to the SPI-NAND flash chip, e.g. using CH341 USB-SPI adapter (more complicated than one might think as you will have to imitate the in-hardware ECC OOB layout)
- connect JTAG pads e.g. to FTDI FT2232H breakout and use OpenOCD, see
Thanks for all of the effort @daniel et al.!!!
I experienced a bad flash (blinking power light) from factory firmware a few weeks back, and just sat down to try and restore the beast. Fortunately, U-boot was functional in the serial interface, and I eventually flashed the recovery initramfs, restored my (backed up) original mtd partitions, and from there flashed the latest-and-greatest installer while watching the console. All of that is well documented in here and elsewhere. Ubi installed correctly this time, and I am happily now running the latest snapshot from the Luci interface to auc.
I'm a happy camper!
However, I have one question (maybe a FAQ?). Given that this might be a (slightly) nonstandard firmware route from OpenWRT's viewpoint, is this UBI-based firmware approach for this router going to be pushed "upstream" into the main OpenWRT repo? Or is this something that will be dependent on @daniel continuing to maintain this approach externally to OpenWRT mainline?
Again, thank you for all of the HARD WORK so far!
3 Likes
So I installed openwrt on my belkin rt3200 and it was working fine until I did a sysupgrade on it. after 2 hours of it saying "installing upgrade" and whatnot with the circle going around and around i figured it was done upgrade and just froze. So I unplugged it and plugged it back in. Now I have no power light that comes on and the internet light comes on as orange no more than 5 seconds after power goes to it. I've tried installing firmware to it, it won't work. So i listened on a tcpdump and it wants a ubi-recovery file so i set up a tftp server and made sure that the file was named the exact same and still no luck it just kept repeating the same thing. That was in linux and now i am in windows because i was trying to fix it using windows hoping that will help. no luck so far. im not sure what to do though, i can ping it but i cannot ssh to it unless im doing it wrong, can someone please help. thanks
What happened is most likely that you flashed a sysupgrade file which didn't match the UBI flash layout (ie. file without -ubi- in it's name).
To recover you need to setup a TFTP server listening at address 192.168.1.254/24.
You should download openwrt-mediatek-mt7622-linksys_e8450-ubi-initramfs-recovery.itb and let the TFTP server serve that file.
The router will download it (you can watch in tcpdump, you should see data transfer happening) and then come up with OpenWrt initramfs/recovery.
Once LEDs stop flashing, open LuCI in Web browser 192.168.1.1. From there proceed and flash sysupgrade file openwrt-mediatek-mt7622-linksys_e8450-ubi-squashfs-sysupgrade.itb.
1 Like
It already is upstream on git.openwrt.org and was from day 1.
However, the OpenWrt build system currently doesn't allow generating the installer (which is only needed once), so this is done using the script in my repository on github. All artifacts used by the script are built by OpenWrt's buildbots and so are up-to-date nightly snapshots.
1 Like
Fantastic!!!
Thanks again!!!
i set up a tftp server using atftpd and it says its serving the file to the router but nothing happens after that. not sure what im doing wrong though. it keeps repeating itself over and over again. here's the output of tcp dump
192.168.1.1.4060 > 192.168.1.254.tftp: [no cksum] TFTP, length 96, RRQ "openwrt-mediatek-mt7622-linksys_e8450-ubi-initramfs-recovery.itb" octet timeout 5 blksize 1468
18:24:02.834036 IP (tos 0x0, ttl 64, id 43810, offset 0, flags [DF], proto UDP (17), length 47)
192.168.1.254.45491 > 192.168.1.1.4060: [bad udp cksum 0x847c -> 0x78e1!] UDP, length 19
18:24:03.876772 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.254 tell 192.168.1.1, length 46
18:24:03.876787 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.254 is-at 6c:02:e0:82:5b:a0 (oui Unknown), length 28
18:24:03.876823 IP (tos 0x0, ttl 255, id 1074, offset 0, flags [DF], proto UDP (17), length 124)
192.168.1.1.2031 > 192.168.1.254.tftp: [no cksum] TFTP, length 96, RRQ "openwrt-mediatek-mt7622-linksys_e8450-ubi-initramfs-recovery.itb" octet timeout 5 blksize 1468
18:24:03.877257 IP (tos 0x0, ttl 64, id 44035, offset 0, flags [DF], proto UDP (17), length 47)
192.168.1.254.51948 > 192.168.1.1.2031: [bad udp cksum 0x847c -> 0x6795!] UDP, length 19
18:24:04.919467 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.254 tell 192.168.1.1, length 46
18:24:04.919482 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.254 is-at 6c:02:e0:82:5b:a0 (oui Unknown), length 28
18:24:04.919518 IP (tos 0x0, ttl 255, id 1075, offset 0, flags [DF], proto UDP (17), length 124)
192.168.1.1.3074 > 192.168.1.254.tftp: [no cksum] TFTP, length 96, RRQ "openwrt-mediatek-mt7622-linksys_e8450-ubi-initramfs-recovery.itb" octet timeout 5 blksize 1468
18:24:04.919918 IP (tos 0x0, ttl 64, id 44243, offset 0, flags [DF], proto UDP (17), length 47)
192.168.1.254.34327 > 192.168.1.1.3074: [bad udp cksum 0x847c -> 0xa857!] UDP, length 19
18:24:05.761626 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.1 tell 192.168.1.254, length 28
18:24:05.962462 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.254 tell 192.168.1.1, length 46
18:24:05.962478 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.254 is-at 6c:02:e0:82:5b:a0 (oui Unknown), length 28
18:24:05.962512 IP (tos 0x0, ttl 255, id 1076, offset 0, flags [DF], proto UDP (17), length 124)
192.168.1.1.1045 > 192.168.1.254.tftp: [no cksum] TFTP, length 96, RRQ "openwrt-mediatek-mt7622-linksys_e8450-ubi-initramfs-recovery.itb" octet timeout 5 blksize 1468
18:24:05.962906 IP (tos 0x0, ttl 64, id 44367, offset 0, flags [DF], proto UDP (17), length 47)
192.168.1.254.46001 > 192.168.1.1.1045: [bad udp cksum 0x847c -> 0x82aa!] UDP, length 19
18:24:06.781920 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.1 tell 192.168.1.254, length 28
18:24:07.005423 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.254 tell 192.168.1.1, length 46
18:24:07.005446 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.254 is-at 6c:02:e0:82:5b:a0 (oui Unknown), length 28
18:24:07.005490 IP (tos 0x0, ttl 255, id 1077, offset 0, flags [DF], proto UDP (17), length 124)
192.168.1.1.2088 > 192.168.1.254.tftp: [no cksum] TFTP, length 96, RRQ "openwrt-mediatek-mt7622-linksys_e8450-ubi-initramfs-recovery.itb" octet timeout 5 blksize 1468
18:24:07.006072 IP (tos 0x0, ttl 64, id 44518, offset 0, flags [DF], proto UDP (17), length 47)
192.168.1.254.32781 > 192.168.1.1.2088: [bad udp cksum 0x847c -> 0xb23b!] UDP, length 19
18:24:07.805838 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.1 tell 192.168.1.254, length 28
18:24:08.048389 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.254 tell 192.168.1.1, length 46
18:24:08.048400 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.254 is-at 6c:02:e0:82:5b:a0 (oui Unknown), length 28
18:24:08.048434 IP (tos 0x0, ttl 255, id 1078, offset 0, flags [DF], proto UDP (17), length 124)
192.168.1.1.3131 > 192.168.1.254.tftp: [no cksum] TFTP, length 96, RRQ "openwrt-mediatek-mt7622-linksys_e8450-ubi-initramfs-recovery.itb" octet timeout 5 blksize 1468
18:24:08.048770 IP (tos 0x0, ttl 64, id 44594, offset 0, flags [DF], proto UDP (17), length 47)
192.168.1.254.53888 > 192.168.1.1.3131: [bad udp cksum 0x847c -> 0x5bb5!] UDP, length 19
18:24:09.090270 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.254 tell 192.168.1.1, length 46
18:24:09.090290 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.254 is-at 6c:02:e0:82:5b:a0 (oui Unknown), length 28
18:24:09.090312 IP (tos 0x0, ttl 255, id 1079, offset 0, flags [DF], proto UDP (17), length 124)
192.168.1.1.1101 > 192.168.1.254.tftp: [no cksum] TFTP, length 96, RRQ "openwrt-mediatek-mt7622-linksys_e8450-ubi-initramfs-recovery.itb" octet timeout 5 blksize 1468
18:24:09.090633 IP (tos 0x0, ttl 64, id 44811, offset 0, flags [DF], proto UDP (17), length 47)
192.168.1.254.37914 > 192.168.1.1.1101: [bad udp cksum 0x847c -> 0xa209!] UDP, length 19
18:24:10.132278 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.254 tell 192.168.1.1, length 46
18:24:10.132301 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.254 is-at 6c:02:e0:82:5b:a0 (oui Unknown), length 28
18:24:10.132351 IP (tos 0x0, ttl 255, id 1080, offset 0, flags [DF], proto UDP (17), length 124)
192.168.1.1.2143 > 192.168.1.254.tftp: [no cksum] TFTP, length 96, RRQ "openwrt-mediatek-mt7622-linksys_e8450-ubi-initramfs-recovery.itb" octet timeout 5 blksize 1468
18:24:10.132963 IP (tos 0x0, ttl 64, id 44882, offset 0, flags [DF], proto UDP (17), length 47)
192.168.1.254.34161 > 192.168.1.1.2143: [bad udp cksum 0x847c -> 0xaca0!] UDP, length 19
18:24:11.154187 IP6 (flowlabel 0xb00c8, hlim 255, next-header ICMPv6 (58) payload length: 8) fe80::8115:1b49:4fa6:34d0 > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 8
18:24:11.175286 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.254 tell 192.168.1.1, length 46
18:24:11.175309 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.254 is-at 6c:02:e0:82:5b:a0 (oui Unknown), length 28
18:24:11.175353 IP (tos 0x0, ttl 255, id 1081, offset 0, flags [DF], proto UDP (17), length 124)
192.168.1.1.3186 > 192.168.1.254.tftp: [no cksum] TFTP, length 96, RRQ "openwrt-mediatek-mt7622-linksys_e8450-ubi-initramfs-recovery.itb" octet timeout 5 blksize 1468
18:24:11.175974 IP (tos 0x0, ttl 64, id 44931, offset 0, flags [DF], proto UDP (17), length 47)
192.168.1.254.58873 > 192.168.1.1.3186: [bad udp cksum 0x847c -> 0x4805!] UDP, length 19
once again thanks let me know what im doing wrong, my roomate is already pretty upset haha
This looks like your local TFTP server is sending a very short reply to the device asking for the image. Could be "File not found!" or "Permission denied!" or something like that...
ya thats exactly what it was i put the file in the wrong directory oops. hey thanks daniel i appreciate it. seems to be working just fine now. just gotta do that fix for the 5ghz not working.
The small pads make this approach hard for a beginner, along with the fact that a large number of those dongles have the wrong voltage going out on logic, threatening to fry your nand without a level changer or modifying your dongle.
I also ponder whether the vcc output from one of these adaptors would suffice if the component was still on the board, since might get voltage sagging under the min for that winbond spi-nand?
As for the ECC, I think you can get snander to dump the OOB as well, but calculating it would probably end up being up to one whipping something up.
Goes back to attempting to attach wires to said tiny pads without correct tools
It's 1.27mm pitch pins, so quite a challenge. If you want to avoid soldering, get one of those PCB probe clamps with pogo pins:
1 Like
Yes, the JTAG header is a much easier solution for most people.
I just flashed my RT3200 with the recovery installer built from v0.6.1 in Administration-> Firmware Upgrade. Now the router is unreachable (the computer doesn’t recognize anything is plugged into the Ethernet port) and the power light start flashing immediately upon turning on the router.
Is there anything I can do?
@dahser: did you use the binary from github releases or did you build the installer youself?
From your description I figure the device is new and was running stock firmware, right?
I built the installer myself and the device was running stock firmware
Most likely something went wrong in your build of the installer.
Or it can of course also be that flashing went wrong for other unknown reasons, like weirdness of this particular flash chip (ie. bad blocks) or the manufacturer having made changes to the design... Overall this is still a risky procedure, things can go wrong.
But first thing I'd like to take a look at the resulting installer image file you generated.
Does the file size (roughly) match the size of the binary available for download on Github?
1 Like
The size of the built binaries are 15,104 for the installer and 8,832 for the recovery, which roughly match the size of the binaries on Github.
Same symptom here. First flashed recovery.itb, worked fine, then saved mtd blocks per backup instructions. Saved four blocks:
mtd0 - bl2 - 512KB
mtd1 - fip - 784KB
mtd2 - factory - 0KB ?
mtd3 - ubi - 128KB
Afterwards, I flashed recovery-installer.itb with the currently flashed recovery.itb image. Router now appears bricked (blue light, blinks ~twice per second, no ethernet connection, can't ping). Did I flash the wrong image here? Is factory supposed to be 0 bytes? Damn.
EDIT: Cracked it open and got serial access with an old Arduino Nano clone. Boot log here: https://paste.sh/opfQJCX8#NDYYukVsImgJNLa3zxR4LPhX "Bad Magic Number." Will try flashing over serial/TFTP tomorrow.
1 Like