Recovering bricked WNDR4300V2

I am slowly getting to grips with OpenWRT and I had some modest success with my R6220, thanks to this forum. I was keen to try on another device and decided to flash a WNDR4300V2.

I was in the middle of an installation when we had a power outage, right after the LAN lights lit (but WLAN was off). I did have a ping going and the router was pinging just fine. Obviously when the power came back up the flash had gone bad and I was stuck in a boot loop. Router pings 4 times, the LAN LEDs turn off and after about ten seconds the power light blinks once and the router reboots.

The reset button does nothing. I tried up to 45/45/45 and the power light never began to blink, and TFTP clients were unable to upload the firmware because the router never gave them the time to, the window being too small. Is there any chance of getting it back?

I have a few spare Raspberry Pis, and a serial to USB is on the way but I'm having trouble locating the first step, which would be identifying the serial pins on the router - it does have a soldered header with one pin marked. Searches have yielded nothing for either this or the WNDR4500V3 which is similar (other Netgears, just not mine and each seems to be a bit different pinout).

Thanks for your help!

Well if tftp isn't doing anything then there is not much hope you can solve this without a serial connection. You could try nmrpflash as a last resort:

For serial connection: To get it correct and for sure you would need an oscillator. ^^
But you can do it with a multimeter also.

There are a lot of other videos. This was just the first hit I've got.

If you don't have a multimeter, you could try to guess a bit and watch the terminal. Never connect VCC to the router. Only GND, TX and RX. Sometimes there is a symbol for GND or VCC near the pins. Or GND/VCC have a square instead of a circle in the board (I don't know how better to describe it). You could buy a multimeter also. I can imagine that you could utilize the raspi as a "multimeter" also.

You could post a photo of the board (back and front) here also. Maybe someone has a clue "because it looks similar to other boards from Netgear".

Thanks for the reply :slight_smile: It is very helpful. I can't even begin to figure out what to do with nmrpflash though. I am pretty weak at Linux and I'm assuming I have to compile it? I don't know where to even start with that.

Due to the 4300V2 thread, I've managed to find the pinout for the UART header on the PCB. I have connected a Raspberry Pi 3 to the header and powered it up from the Pi (router power plug not connected) and I get the same behaviour, rebooting every 14 seconds. Power LED doesn't work and I expect it won't. Currently the Pi is updating, hopefully it will be done by tonight (very old and slow SD card from 2011 as all my new cards are corrupted) and I'll give it a go first thing tomorrow.

I am planning to use putty from the Pi to open the COM port and once I have the IP and filename info I will try a TFTP upload over the LAN ports. I abandoned the USB to serial adapter as I'm in India, a country where getting reliable products of this kind is an issue. All are imported from China and are usually the cheapest you could find, so they're hit and miss. Pis on the other hand, I have plenty of.

There is a Windows binary also. You have to use command line and the switches accordingly. It's described under "Using nmrpflash".

You have to use a fixed IP for your client PC running tftp server. You don't get an IP from the router at this moment (usually). Maybe that was the issue why you were not able to tftp flash before.

Normally the IPs to use are described on the device wiki. Or try to look into the manual for the router's standard IP and give your client PC an IP from within its pool.

Usually Netgear routers have tftp server running on u-boot.

The basic procedure of using a tftp client to upload a new firmware to your router:

https://openwrt.org/docs/guide-user/installation/generic.flashing.tftp

https://openwrt.org/docs/techref/hardware/port.serial

For serial you can use the RPi also. No USB-to-serial adapter needed.

Hi.

I was following the OpenWRT guide (and hence had set IP to 192.168.1.2 and later .234), but soon realised I wouldn't be able to do this over the serial console.

I'm going to go back to my Windows system and try again with the nmrpflash. I could not understand how to use the Pi to upload the firmware. Putty on Linux failed to connect. I changed permissions using chmod, set user "pi" to root group and still it could not open the port. I could not even get the group dialup to get access to /dev/tty.

Then I tried tftp, with the LAN connected and the Pi still powering the router board. At this time router seemed to be in a wait state, not rebooting and showing a connection to the Pi's LAN port. But it did not answer ping. I got as far as connect (and it said connected to 192.168.1.1 when status was asked) and then it simply refused to "put" the file, constantly saying no such file.

I changed permissions, copied the file to tftp directory, nothing worked. Then I spent an hour trying Minicom and screen, neither of which I could understand except that they would not connect to the serial port at all. I gave up finally, seeing that all their documentation referred to USB - serial adapters and I was trying an actual serial port. According to grep it was ttyS0, but that port wasn't responding and I couldn't figure how to open it.

As you can see, information on my router is non-existent: https://openwrt.org/toh/netgear/netgear_wndr4300_v2?s[]=wndr4300v2 so I have basically no clue where to start. I may have come up against a brick wall and this is probably way beyond my pay grade. All help for Linux is usually one-liners which I can't understand, so the simple job of opening up a serial port becomes a mammoth undertaking.

Thanks for your help so far. I shall try nmrpflash tomorrow and see how far I can manage to go.

Serial console is just an interface to the device/chip. If u-boot environment has the needed commands built in you could also load the image over serial into ram and then write to the rom. But that would take a long time (copy is slow).

Usually you are using the serial console to interrupt the boot process, if there is no proper button/key on the device itself to provide an automatic tftp upload.
After interrupting, it depends highly on the environment what you can do. Often there is a menu which gives you options, e. g. "Load image over tftp" or sth. like that. If you see sth. like that, choose it and configure it (if necessary, the proper IP address/filename etc.). If not, then you have to use e. g. the command "help" and look out for commands which could allow you to upload the image.

Use "screen" for the first attempt: On console raspi put in:

screen /dev/ttyAMA0 115200 8N1

If you got your wires in the right place then a boot screen should appear after you have powered up your router.

From the console you can get the information you need for tftp (ip, imagename).

A tftp server can be set up easily on linux:

- sudo su
- install atftp #command depends on distribution
- cd /
- mkdir tftpboot
- copy over your image file to /tftpboot
- chown -R nobody:nobody /tftpboot #if user/group does not exist use atftp:atftp
- chmod 777 /tftpboot
- atftpd --user=nobody --group=nobody --daemon /tftpboot/ #start tftp

You have to weigh the time you put into this against taking some bucks and getting another used device. A N750 device should not be very expensive if you buy it used on e. g. ebay. But that depends on your location.
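
An added example (not from any poster in this thread) for the image-staging steps of the TFTP server list above: it checks the image against a `sha256sums` list before copying it into the TFTP root, and uses a 0755 directory with a 0444 file, which is all a daemon that only serves reads needs. The function names, paths and image name are assumptions for illustration.

```shell
#!/bin/sh
# Added example: stage a firmware image for a TFTP recovery session.
# Function names, paths and the image name are assumptions.

# Print the SHA-256 recorded for image name "$2" in checksum list "$1".
# Accepts both "HASH  name" and "HASH *name" (binary-mode marker) lines.
expected_sha256() {
    awk -v want="$2" '{ name = $2; sub(/^\*/, "", name)
        if (name == want) { print $1; found = 1; exit } }
        END { if (!found) exit 1 }' "$1"
}

# Verify image "$2" against checksum list "$1"; return 0 only on a match.
# Returns 2 when the list has no entry for the image.
verify_image() {
    want=$(expected_sha256 "$1" "$(basename "$2")") || return 2
    have=$(sha256sum "$2" | awk '{ print $1 }')
    [ -n "$have" ] && [ "$want" = "$have" ]
}

# Copy a verified image into TFTP root "$3": directory 0755, file 0444,
# so the daemon's unprivileged user can read it but cannot alter it.
stage_image() {
    verify_image "$1" "$2" || { echo "checksum check failed: $2" >&2; return 1; }
    mkdir -p "$3" && chmod 0755 "$3" || return 1
    install -m 0444 "$2" "$3/$(basename "$2")"
}

# Usage: sh stage.sh sha256sums image.img /tftpboot
if [ "$#" -eq 3 ]; then
    stage_image "$@"
fi
```
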

TFTP or nmrp works better if you connect an Ethernet switch between the router and the PC so the PC port stays up and configured while the router is off.

Thanks a lot for the advice and encouragement. I shall start this with a fresh mind today.

I discovered an old DIR-505 in my junk box that I was able to get going partially after a few attempts with OpenWRT, as the stock firmware was not accessible. I had opened it up to repair the mains section and lost the sticker that had the wifi-key, the only way to get into the stock interface. As mentioned on that device page I had to use a Windows PC as the first flash from the Raspberry Pi did not work at all. I'm still having issues with it, but at last it's flashed and running.

Anyway getting the D-link up has given me some hope that I might be able to turn the Netgear around, I will post back once I have been through the day. What I'm not able to grasp is the switch part. I already have a 5-port Gbit switch connected to the PC from which I am making the changes, but that in turn is connected to my main router. Should I cut the connection from the x.x.100.x subnet of my home router or can the switch find both routes (100.x and 1.x for OWRT default)? There is a spare port.

pwned, I was using ttyS0 :face_with_head_bandage: I assumed AMA0 was the BT interface for the 3B.

Anyway I'll try nmrpflash first as it seems a bit easier, and if needed head back to the Pi.

Disconnect from all other networks while doing TFTP. Otherwise you have to have two IPs on the Ethernet port, which is probably possible on Windows but makes it more complicated than it needs to be.

Thanks Mike, I will do that. I'll work out some way to insert a switch in between.


If you connect like this, then it's ttyAMA0 (for v3).
If you use a usb-to-serial then it's prob. sth. like ttyUSB0. Never connect VCC! Especially as the Raspi has 5V here and most routers are running 3.3V.

Yes, try this first.


Thanks so much for all your help :slight_smile:

I used nmrpflash to upload stock firmware to the router and un-brick it. Of course I got cocky and tried to then flash OpenWRT through web interface, but it went back into bootloop. Router would come up after flash and respond to ping. I could also log in thru SSH but webpage would not come up. When checking opkg-installed I saw a very short list of which LUCI was not a part, I assumed it would be installed later.

Rebooting from console sent the router back into bootloop. I tried flashing OWRT through nmrpflash but got identical result. Thankfully nmrpflash was still working so I put stock FW back and will call that the end of my adventure for that router.

Meanwhile my DIR-505 has also bricked itself, this time completely my bad. That's not a big loss because it was a brick for the last 18 months anyway, but I'll see if I can spend some time today and revive it just for kicks. I'm relieved to have a working router that I can at least put to use.

pwned, I had connected the 3.3V from Pi to the router on my first attempt and it worked, but I had left the router power unconnected. UART power pins can be both host and slave (I think) and routers are 3.3V. It worked fine - at least results were identical to using the brick and unplugging the UART power.

Once again, thank you so much for your help. I shall try to do the D-Link on my own. I guess reading slowly is something I've to do now, made lots of errors the last few days.

Glad to hear it's working. [s] It seems device support never got finished. Which is a bit sad, because its hardware is still powerful.

Maybe it's worth to file a bug report. [/s]

Yes, this is working if the chip is "protected" and/or not all 4 pins are connected on power up. But I've often read here on this forum that it is dangerous/you can destroy the router. So I've repeated this warning.

I've realized this remark too late. For this device there are only snapshots available. Snapshots do not contain LuCI! So forget what was written above.
You could try to make your own build and include LuCI.

Oh I wouldn't even know where to start with building my own image. The problem is not LUCI, which I could download and install myself using the console, if the flash went okay. The reason I know it didn't was because when rebooting from SSH itself would send the router back into bootloop. If it came up reliably after every boot I could at least disconnect it and start the process of hooking it up to the internet. I never got that far.

The 4300 V2 has a documented issue of bad flash blocks corrupting the firmware copy process. Something about needing to clear the bad blocks by hand. I couldn't understand any of that conversation, way above my pay grade. I work with electronics and speakers, my own flash memory is already full with all of that. More data will corrupt it, so I'll just thank my stars that it is still working.

As for the router, I'll try and sell it and get something that works for me. I'm basically trying to build wireless adapters for PCs and SBCs, with a USB port to connect external DACs and USB speakers so it can run Squeezelite. My own multiroom system. The Netgear R6220 works fine for this use, but it's a little expensive. I'm still looking for other candidates.

It is not so hard. Just time consuming. :wink:

For snapshots the possibility to download additional applications is usually not lasting long. I don't even know if this is still possible at all.

O. K. that explains a lot.
