WR841N v14 (US) - Problems extracting firmware

Hardware Questions and Recommendations
1

I'm trying to extract the firmware of my WR841N. The firmware chip's markings are "cFeon QH32B-104HIP". The hardware I'm using for extraction is the CH341A, with alligator clips. I volt-modded it to work at 3.3v, same as the firmware chip.

I've tried using 3 different software programmers; AsProgrammer, NeoProgrammer, and CH341A v2.2. AsProgrammer doesn't give any errors when I read, but it gives "FF" for every value it reads. NeoProgrammer and CH341A software keep giving me the error: "IC not responding / Disconnected". None of them are able to auto-detect the chip, so I have been manually selecting "EN25QH32 [3.3V]" chip.

Sometimes when I move the clips in just the right orientation, the board's LEDs will begin to light up, even though I'm doing this with the router unplugged. But I keep either getting "FF" for every value, or "IC not responding / Disconnected" every time. I'm definitely lining up pin 1 properly on the clips to the firmware chip, and with the CH341A itself (I'm using the 25 SPI BIOS side). But obviously I'm doing something wrong here.

I'm new to firmware reversing, so I'm kind of in the dark here. But my guess is that maybe with this particular board's wiring, trying to read the firmware chip automatically powers on the microprocessor, which interferes with reading/writing. So in that case it is only possible to access the firmware when the chip has been completely de-soldered?

Any help would be much appreciated, thanks.

2

Solved. It had nothing to do with my programmer/software. To anyone who encounters this problem with the WR841N v14 series, don't use the clips for extracting firmware. Just de-solder the chip, and solder it onto your 25CXX programmer board. You will get a much better read from the programmer this way.

3

The clip (unless it's of bad quality) is not the problem, trying to read/ write in circuit is, as you backpower the SOC that way - probably not enough to properly boot up, but enough to generate noise on the SPI bus. The options are:

  • desolder the chip and read/ write externally
  • lift at least the GND pin of the flash (partial desolder)
    risky, the pin might break off
  • find the SOCs reset line and keep the SOC in reset while attempting to read/ write the flash
    not easy to find on the PCB, likely to work, but not guaranteed
1 Like
4

Yeah I figured something like that was happening. Thanks for the tip, I will try lifting the GND pin next time.

5

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.