[Solved] Zyxel NBG6817 flashing from OEM

Hi, @tolga9009. I'm not linux guru, can you please share how did you ban IRQ 99/eth0 and 100/eth1 and manually pinned them to CPU0 and 1 ? Also why did you do this ? I know what irqbalance does, but didn't know there is some need for fiddling on nbg6817.
Thanks :slight_smile:

Not entirely sure, whether IRQ pinning makes a difference or not, but irqbalance vs no-irqbalance made a huge difference in my environment.

My thought about IRQ pinning was: when eth0 / eth1 is not processed by the same CPU all the time, interprocess communication may slow it down. I read it somewhere on the net and it didn't seem to hurt.

cat /proc/interrupts reveals eth0 / eth1 IRQs. As irqbalance distributes IRQs more or less "randomly", you tell irqbalance to not touch eth0 / eth1 IRQs (IRQ 99 and IRQ 100 in my case) by using following options: irqbalance --banirq=99 --banirq=100. You can then manually pin IRQs to CPUs: echo 1 > /proc/irq/99/smp_affinity and echo 2 > /proc/irq/100/smp_affinity. Again, no idea if pinned vs unpinned makes a difference, but it's definitely not a requirement.

So I just obtained this router and every attempt I've tried to install LEDE has bootlooped the router. I've tried both the latest snapshot and 17.01.4. Is there something I'm doing wrong? I'm just DDing the two files to mmcblk0p4 and mmcblk0p5 respectively, and I made sure the bootflag on /dev/mtdblock6 is 0xFF.

Prefer snapshots over 17.01.4 until a potential 17.01.5 (or 18.x.y) gets released.

The installation process from the OEM firmware is:

copy lede-ipq806x-NBG6817-squashfs-mmcblk0p4-kernel.bin and lede-ipq806x-NBG6817-squashfs-mmcblk0p5-rootfs.bin to /tmp/ of your router (e.g. by using wget directly or scp'ing the firmware)

# printf "\xff" >/dev/mtdblock6   #warning, only do this from the OEM firmware!
# cat /tmp/lede-ipq806x-NBG6817-squashfs-mmcblk0p4-kernel.bin >/dev/mmcblk0p4
# cat /tmp/lede-ipq806x-NBG6817-squashfs-mmcblk0p5-rootfs.bin >/dev/mmcblk0p5
# sync
# reboot -f

A self compiled ~10 days old snapshot is working fine for me.

Strange, that's what I was doing with the latest snapshot, both with dd and cat. I'll have to try it again I guess D:

I've written a simple script which can set the bootflag safely on both LEDE and the ZyXEL OEM firmware.

I've also started to document the ZyXEL NBG6817 in the OpenWrt wiki, as I conclude that @tmomas prefers device specific information to be maintained there (cf. Xiaomi WiFi Router 3G):

https://wiki.openwrt.org/toh/zyxel/nbg6817

(I'm not quite sure how to represent 4 MiB SPI-NOR flash && 4 GiB eMMC in the device table though).

I've now implemented full dual-boot support for nbg6817 in this pull request (pending):

https://github.com/openwrt/openwrt/pull/670

This means LEDE will from then on always flash to the other, currently inactive, partition set. Both partition sets keep their own overlay, so you can toggle between different LEDE versions, each with their own configuration.

Safe options to toggle between the dualflag are using the afforementioned nbg6817-dualboot shell script (which also works from on the OEM firmware) via ssh or by installing and using luci-app-advanced-reboot for a nice integration into LEDE's webinterface.

1 Like

Can I install the firmware now without need of compiling it by myself?

trunk/ master yes, since early november 2017, the corresponding change has also been backported to the lede-17.01 branch (not yet present in 17.01.4, will be present in 17.01.5 or 18.xx.y).

This has now been merged and should be available in snapshot builds starting tomorrow.

Keep in mind that the installed firmware provides the sysupgrade functionality, so it will only start alternating between both firmware locations once you have a firmware version supporting this functionality already installed (so second flash from now on).

1 Like

I need some help recovering from a bad flash on my Zyxel nbg6817. It got stuck in a boot loop. If I power it up while holding down the WPS button I'm able to then ping it at 192.168.1.1 which is something. I've tried sending firmware to it using tftp2.exe and the generic windows tftp client with no luck. I've also tried setting up my PC as a TFTP server listening on .33 and .99 also with no luck. Does anyone have any tips or am I out of luck?

EDIT: Solved my issue. When I connected my PC directly to the router with nothing else connected Windows 10 decided that it was a "public" network and the firewall blocked incoming connections. Turned the firewall off and nbg6817 immediately grabbed the factory firmware! My router is alive!

Hello, first post from me (but as I am just getting started not the last one :slight_smile: )
I am having zyxel nbg6817, and want to run lede on it... but dont know how.
I have win based laptop, I download correct .bin files and will kindly ask someone to write step by step what to do next to get it installed.

Thank you in advance!

https://openwrt.org/toh/zyxel/nbg6817#oem_easy_installation

Until 17.01.5 or 18.xx.y gets released, you need to install a snapshot instead of a release build (otherwise the overlay won't be persistent).

Question.

I'am currently having chaos in my brain.
I have this type router for the past 3 weeks and i have some performance issues with it.
I have 400/40 from the ISP over cable ( Docsis 3.0 this your will update to 3.1 ) and i can't get it to work propperly.

So today i want to flash it back to it's original firmware and test the speeds there to see if there actually is a form of difference between them if no i want to return it back to the store, because i can't work with unstable download speeds.

So the actual problem now is: i tried to sysupgrade -n -F NBG6817_V1.00(ABCS.7)C0.bin and when ever it reboots it goes straight back to lede. Could you help me out with this situation?

@slh quick question from a novice/someone who has only flashed OpenWRT to devices via GUI previously.

In the OEM Easy Installation steps you linked, I take it that to get copies of .bin in the /tmp directory I should follow the generic instructions for upgrading LEDE via cli, specifically the Download and verify the LEDE firmware upgrade image?? https://openwrt.org/docs/guide-user/installation/sysupgrade.cli

So 1) Download the two snapshot .bin files, then 2) use code in OEM Easy Installation?

Edit: I guess I should add that I have WinSCP, so I could just transfer the files to /tmp via WinSCP's file explorer, yes?

Thanks!

  1. It doesn't matter how you copy the files to /tmp/ of your router('s OEM firmware). You can use (Win)scp (once you've enabled the ssh(d) in the OEM firmware), you can use (busybox-)wget to download it directly on the router's root shell from LEDE's download mirrors, etc. pp.
    For confirming the checksum, only an md5sum binary is provided by the OEM firmware, while the LEDE/ OpenWrt download mirrors only list sha256sum checksums (check the sha256sum of the downloaded files on your workstation and generate the according md5sum locally from that download, to check it on the router again).

  2. Yes, be extremely careful about getting the printf part right.
    If you want additional safeguards, use https://github.com/pkgadd/nbg6817/blob/master/nbg6817-dualboot to set the rootfs (copy to /tmp/, chmod +x /tmp/nbg6817-dualboot, /tmp/nbg6817-dualboot --set-rootfs /dev/mmcblk0p5) instead of using printf directly.
    Be careful to do all five steps in one go, don't reboot prematurely.

It is strongly recommended to install either a openwrt-18.06 snapshot (includes luci) or a master snapshot (doesn't include luci) on a nbg6817, LEDE <= 17.01.4 doesn't setup a persistent overlay (that has been fixed for 17.01.5 and 18.06.0, but those haven't been released yet - so you need snapshots for now).

You need to be very careful about changing the dualboot flag (via printf or nbg6817-dualboot), to make sure that you really write to the correct /dev/mtdblockX (it's 6 when running the OEM firmware or 11 on LEDE/ OpenWrt; nbg6817-dualboot ensures to only accept valid settings), other than that, the nbg6817 is basically unbrickable (tftp should almost always recover it to the OEM firmware), as all firmware operations (except for selecting the dualflag setting) happen on the eMMC, leaving the crucial data (bootloader, ART, firmwares, etc.) on the spi-nor flash untouched.

Thanks for taking the time to respond in detail!

Also, very helpful to know not to run the "OEM Easy Install" code line by line, but rather run it all at once as the 5 line blob.

What exactly does the nbg6817-dualboot package do? How to I use that if I am on the OEM firmware. When you say "copy to /tmp/, chmod +x /tmp/nbg6817-dualboot, /tmp/nbg6817-dualboot --set-rootfs /dev/mmcblk0p5", would you just run that line in the OEM cli or am I manually copying over the github file to /tmp? Apologies for all the additional questions, I am very new to this. It sounds like I need a better understanding of Linux and OpenWRT cli.

The additional safeguard sounds like a great concept, but now I am worried about messing up the installation of that and it might be better to just stick to copying that 5 line code chunk in one go.

Well, you still execute those 5 lines one by one, copying them over and hitting enter one by one (so you have a chance to spot and react to potential error messages), you just don't start in the morning, before powering off, having tea time and continuing in the evening.

Again, you can use nbg6817-dualboot (which uses additional safety checking), you don't need to - if in doubt, you can follow the wiki verbatim (I've written it - and obviously nbg6817-dualboot didn't exist yet when I first did those steps on my own device). That said, the script's help screen (./nbg6817-dualboot -h) is right on top of the file and should be easy to read even if you aren't familiar with POSIX shell scripting (as is traversing the relevant code paths). But, essentially the following is equivalent to printf "\xff" >/dev/mtdblock6, just with some additional safe guards:

root@NBG6817:~# cd /tmp/
root@NBG6817:/tmp# wget https://github.com/pkgadd/nbg6817/raw/master/nbg6817-dualboot
root@NBG6817:/tmp# chmod +x /tmp/nbg6817-dualboot
root@NBG6817:/tmp# /tmp/nbg6817-dualboot --set-rootfs /dev/mmcblk0p5

(obviously you can replace wget with manually copying it over from your workstation via (Win-)scp)

Except for --set-rootfs and --reset-rootfs, all of the script's operations (parameters) are readonly and safe to use (just in order to account for potential extensions in the future, these safe parameters currently amount to -h|--help, --check-mtd-integrity, --get-mtd, --get-rootfs, --get-version <blkdev>, -l|--list), so have a look at

root@NBG6817:/tmp# /tmp/nbg6817-dualboot --list

to understand about the current setup of your router.

To make this as simple as possible I am going to list what I believe is the complete steps using the 18.06 snapshot.

  1. Connect new ZyXEL NBG6817 to the Internet with ZyXELs firmware in use.
  2. Browse to 192.168.1.1 and go through the initial setup.
  3. Enable SSH access from the advanced remote management configuraiton
  4. Using an SSH client connect to the ZyXEL using root and the password created when first accessing the ZyXEL web interface.
  5. Change directory to /tmp
  6. Download required files using wget (links listed here were from 15/06/2018) from http://downloads.openwrt.org/releases/18.06-SNAPSHOT/targets/ipq806x/generic/ you will want to copy the current links and modify the wget commands below to download the latest build.
    6.1 wget http://downloads.openwrt.org/releases/18.06-SNAPSHOT/targets/ipq806x/generic/openwrt-18.06-snapshot-r7018-18f18a2-ipq806x-zyxel_nbg6817-squashfs-mmcblk0p4-kernel.bin
    6.2 wget http://downloads.openwrt.org/releases/18.06-SNAPSHOT/targets/ipq806x/generic/openwrt-18.06-snapshot-r7018-18f18a2-ipq806x-zyxel_nbg6817-squashfs-mmcblk0p5-rootfs.bin
  7. Enter these commands to complete the install, make sure you use the updated file names you downloaded:
# printf "\xff" >/dev/mtdblock6   #warning, only do this from the OEM firmware!
# cat /tmp/openwrt-18.06-snapshot-r7018-18f18a2-ipq806x-zyxel_nbg6817-squashfs-mmcblk0p4-kernel.bin >/dev/mmcblk0p4
# cat /tmp/openwrt-18.06-snapshot-r7018-18f18a2-ipq806x-zyxel_nbg6817-squashfs-mmcblk0p5-rootfs.bin >/dev/mmcblk0p5
# sync
# reboot -f

Once rebooted you will be able to browse to the web admin at http://192.168.1.1

I understand that you're afraid of potentially bricking a brandnew device, but quoting the procedure over and over again won't actually lead to a different outcome.