Hello,
Just bought what should be my second WNDR3800 - but I'm starting to wonder what I really got...
The markings under the router state that it's a 3800
I couldn't get into the web configuration, even after a "reset to factory" (it reverted the 401 error message from Chinese to English, so I'm guessing I got it right), so I TFTP flashed it with Netgear's 1.0.0.52 image. It failed to self-reboot, but power cycling it succeeded, and I was able to log into the web configuration page for the first time. The banner was proudly claiming that this is a 3700.
I decided to reflash it with 17.01.4 through the web interface. The 3800 image failed the signature check, but the 3700v2 image was accepted. Again, it failed to self-reboot, but power cycling it fixed everything.
LuCI's overview page states that this is a "NETGEAR WNDR3700v2NETGEAR0"... but at the same time, states that it has 125640kB RAM, and the software tab states that I have 11.6MB free, numbers that make sense for a 3800, but not for a 3700.
So even if it probably doesn't matter, what's this???
a refurbished or second-hand router where somebody has erroneously overwritten the "art" partition where the model name, MACs, etc. are stored. If somebody has modified that and overwritten 3800 data with 3700v2 data...
This is my old un-updated text from a few years back:
WNDR3700v1 and WNDR3700v2 only have the header until the router serial number.
The things after that are normally found only in 3800, but there have been a few cases of wndr3700v2 with also that additional info. Maybe the most recent batch, or refurbished, or something like that.
After the header, art partition contains e.g. wifi calibration data for the device.
To my knowledge that data is common for all devices of a certain type.
This is from a real WNDR3700v2. See how the contents end after the type and serial number:
Usually the wifi calibration data of the ART partition is specific to each individual device (or at least rather small production batches), among plain simple calibration deltas, it also calibrates against the temperature curves of the analogue components.
hnyman: thank you for an EXTREMELY useful and detailed answer.
Router was sold as used, but was supposedly a Canadian market unit. Red front panel. All case markings are WNDR3800, not -CH, and the FCC ID matches the value on wikidevi - but I have no idea if this is meaningful.
The art partition is a mixed bag:
It has the full WNDR3800 format
MAC prefixes are all 0x20E52A - my other 3800 is an 0x744401 - but both prefixes are legit for Netgear. The first MAC matches the case sticker
Serial number, default network name and password also match case stickers
Magic number is 32 39 37 36 33 36 35 34 2b 31 36 2b 36 34 (29763654+16+64) - the 16/64 part makes it more coherent with a 3700 than a 3800
Model number is WNDR3700v2
The two NULLs between the model number and the default network name are missing - that explains the very long model name in LuCI
After the bunch of NULLs, the default password starts at offset 0x61 - my other 3800 starts at 0x62
The remainder of mtdblock6 closely matches what I see in my other 3800 - data in the same places, with some values being different, which is coherent for calibration data. Of course, I have no way to tell whether that calibration data was computed for this specific router.
I still have to read most of the links you provided.
I remember having seen discussion on similar issues regarding WNDR3700v2 about 3-4 years ago on the OpenWrt forum and dev.openwrt.org bugtracker. No actual reason was found, but the speculation was that some refurbished unit had got wrong data, or something similar. It sounded like the last 3700v2 routers that were produced/refurbished while 3800 production was ramping up were possibly "wrongly patched" and had 3800-like art contents. Or something similar.
Your case looks the other way round, as it has 3800 hardware but seems to believe that it is 3700v2.
Note that possibly there are no nulls in WNDR3700v2, as "WNDR3700v2" is 2 chars longer than "WNDR3800" and the next field is still expected to start at the defined place for OEM firmware.
Memory detection in kernel log "dmesg" is probably the best way to differentiate 3800 and 3700v2 hardware:
3800 says (around line 32 of "dmesg"):
Memory: 125140K/131072K available
3700v2 says:
Memory: 60100K/65536K available
Based on your new evidence, my personal guess is that somebody has modified & flashed the art partition wrongly writing malformed 3700v2 data to a 3800.
Ps.
I have genuine 3700v1, 3700v2 and 3800, and have published a community build for it since 2011, so I have a pretty long experience with the device. https://forum.openwrt.org/viewtopic.php?id=28392
I don't know. The MagicNumber ending in "64" instead of "128" makes it one byte shorter, and they've used this to start the model string at offset 0x37 instead of 0x38. There should be one NULL left, but the network name also starts one byte earlier. I guess the answer lies somewhere in Netgear's GPL source bundle, but I don't want to know badly enough to dig that far.
Sorry - yes, I also confirmed with logread.
Agreed. Although I have no idea what someone might hope to gain in doing that.
I once thought that it was a cost-cutting thing from Netgear - produce all boards with 128MB and simply program them differently - but it doesn't make sense to program a board as a 3700 and put it in a 3800 case.
Another idea was that it was a 3700 board in a 3800 case, but that can't be, given 128MB RAM - and the MAC would differ between the flash and the stickers.
Your guess is the only one that somewhat makes sense.
It would be interesting to try to "fix" the data and reflash it, but except for knowledge, I don't see what I'd gain in doing that, so I doubt I'll do it.
Thanks for the reminder - I'll have to revisit it at some point. I checked it thoroughly a few years ago (around the BB to CC transition, maybe?) but at that time, I had too much custom stuff running on mine so building my own image was pretty much mandatory. Nowadays, it's pretty much the opposite - except for a few scripts, it sits idle, so using the basic LEDE image is quite easy. At some point, there are too many projects to keep fully up-to-date everywhere.
But I must admit that you were the person I was hoping would chime in on this topic. I'm both glad and thankful that you did.
Cheers,
JMR
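Added example, not part of any post in this thread: a consistency check between the identity strings in a copy of the art partition (mtdblock6 above) and the RAM size the kernel reports, run on a workstation. The function names are hypothetical, reading the last magic field as RAM in MB is an assumption, and the sample headers are constructed (filler up to 0x29) so the model string lands at the 0x37 / 0x38 offsets reported above.

```python
import re

MAGIC_RE = re.compile(rb"\d{8}\+(\d+)\+(\d+)")   # e.g. 29763654+16+64
MODEL_RE = re.compile(rb"WNDR\d{4}(?:v\d)?")
DMESG_RE = re.compile(r"Memory:\s*\d+K/(\d+)K available")
# RAM size (MB) -> model, taken from the dmesg lines quoted in the thread.
MODEL_BY_RAM = {128: "WNDR3800", 64: "WNDR3700v2"}

def parse_art_header(art: bytes) -> dict:
    """Find the magic and model strings near the start of an art dump."""
    head = art[:0x100]
    magic = MAGIC_RE.search(head)
    if magic is None:
        raise ValueError("magic string not found")
    model = MODEL_RE.match(head, magic.end())   # model follows the magic directly
    if model is None:
        raise ValueError("model string not found after magic")
    rest = head[model.end():]
    return {
        "magic": magic.group(0).decode(),
        "magic_ram_mb": int(magic.group(2)),    # assumption: last field is RAM in MB
        "model": model.group(0).decode(),
        "model_offset": model.start(),
        "nuls_after_model": len(rest) - len(rest.lstrip(b"\x00")),
    }

def kernel_ram_mb(dmesg_line: str) -> int:
    """Total RAM in MB from the kernel's 'Memory: avail/total' boot line."""
    m = DMESG_RE.search(dmesg_line)
    if m is None:
        raise ValueError("no 'Memory:' line")
    return int(m.group(1)) // 1024

def check_identity(art: bytes, dmesg_line: str) -> list:
    """Return the ways the flash-stored identity disagrees with the hardware."""
    hdr, ram = parse_art_header(art), kernel_ram_mb(dmesg_line)
    findings = []
    if hdr["magic_ram_mb"] != ram:
        findings.append(f"magic says {hdr['magic_ram_mb']} MB, kernel sees {ram} MB")
    if MODEL_BY_RAM.get(ram) != hdr["model"]:
        findings.append(f"model {hdr['model']} does not fit {ram} MB of RAM")
    return findings

# Constructed headers: filler up to 0x29, then magic, model and a made-up SSID.
SUSPECT = b"\x00" * 0x29 + b"29763654+16+64" + b"WNDR3700v2" + b"NETGEAR00"
GENUINE = b"\x00" * 0x29 + b"29763654+16+128" + b"WNDR3800\x00\x00" + b"NETGEAR00"

if __name__ == "__main__":
    for name, art in (("suspect", SUSPECT), ("genuine", GENUINE)):
        print(name, parse_art_header(art),
              check_identity(art, "Memory: 125140K/131072K available"))
```

The zero NUL count on the suspect header is why a reader of the model field runs on into the network name, as in the LuCI banner quoted earlier.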
Hello hnyman, came across this thread from the internet. Since you seem to be an expert on the wndr3700 / wndr3800 I figured I'd ask you. I'm preparing to upgrade my wndr3700 to LEDE 17.01 after running openwrt 15.05 for many a year or so. I'm having trouble identifying which version I have (v1 or v2). Is there any method to determine from the cli?
my dmesg output on line 32 is:
[ 0.000000] Memory: 60812K/65536K available (2586K kernel code, 128K rwdata, 540K rodata, 256K init, 193K bss, 4724K reserved)
So I just upgraded from openwrt 15.05 > LEDE 17.01 successfully. I'm noticing some missing tabs in LuCI however. Is it merely a question of reinstalling the packages? (such as UPNP etc). I also seem unable to SSH in, though the LuCI interface is still working.