Thanks a lot  !!!

Another question..  I'm a noob of flashing firmware...

I restored a stable firmware from CFE using:
protect off all
fsload

and then i tftp a whole new firmware from my pc to my router..

Now i can do this from an openwrt shell ? If yes, how? using dd?

Sorry, but i don't want to make other disasters..   :-D

Thank you

Normally, the uboot & art partitions are write-protected under Openwrt. And there is no reason to remove that protection, unless you really need to hack uboot or change art/caldata.

> Now i can do this from an openwrt shell ? If yes, how? using dd?

Do what?
Install Openwrt?
remove write protection?

The normal way to install Openwrt to WNDR3700 & 3800 is to use the Netgear GUI to install the Openwrt factory.img image. Just like described in Wiki.

If you already running Openwrt, either use Luci GUI or from console the "sysupgrade" script to update (and use a sysupgrade.bin image).

Ps. How did you brick the router initially? What were you doing?

(Last edited by hnyman on 24 Feb 2013, 21:42)

I brick the router when i trying to revert to stock Netgear firmware from dd-wrt firmware.

I must use a ttl-usb cable, change hw_board_id (because is blanked) and use fsload to restore a Netgear firmware ...

Now I'm already running Openwrt, and i would write the art partition (/dev/mtd5) with your dump, should i use the "dd" command ?
Or something at higher level?

Sorry for my bad english

I am not sure if you can flash the "art" from inside Openwrt.

As far as I know, the "art" area is normally write-protected, and you need to compile the removal of the write-protection right into the firmware (toggle a flag).

The correct command for openwrt flash operations is "mtd".

If you are not compiling a firmware I think that you need to do the flashing from u-boot. But I have no experience regarding it.

EDIT: I tested unlocking partitions, and art and u-boot remain locked ahile kernel and firmware can be unlocked for writing...

root@OpenWrt:/dev# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00050000 00010000 "u-boot"
mtd1: 00020000 00010000 "u-boot-env"
mtd2: 00100000 00010000 "kernel"
mtd3: 00e80000 00010000 "rootfs"
mtd4: 00a40000 00010000 "rootfs_data"
mtd5: 00010000 00010000 "art"
mtd6: 00f80000 00010000 "firmware"
root@OpenWrt:/dev# mtd unlock kernel
Unlocking kernel ...
root@OpenWrt:/dev# mtd unlock art
Could not open mtd device: art
Could not open mtd device: art
root@OpenWrt:/dev# mtd unlock u-boot
Could not open mtd device: u-boot
Could not open mtd device: u-boot
root@OpenWrt:/dev# mtd unlock u-boot-env
Could not open mtd device: u-boot-env
Could not open mtd device: u-boot-env
root@OpenWrt:/dev# mtd unlock firmware
Unlocking firmware ...
root@OpenWrt:/dev#

(Last edited by hnyman on 24 Feb 2013, 22:31)

Thanks to your dump, my router is returned to life! 

I found a "safer" method (for me) to write the the caldata partition. 
I switch to an old Netgear firmware (1.0.0.16) that allow to unlock the caldata partition and then write it.

hnyman, you mentioned providing mtd0 and mtd1 from your WNDR3800 but I don't see them. Do you mind posting those?

I'm poking around to try and sort out the 128MB memory issues on a WNDR3700v2.

Thanks,
Jeff

I have re-uploaded those files to http://koti.welho.com/hnyman1/Openwrt/mtd/

Thanks! My WNDR3700v2 is successfully converted to a 64MB WNDR3800 while retaining my original ART data (MAC, serial, and whatever the "other" stuff in there is).

But this is off-topic for this thread; I'll update results here once I replace the RAM again to see if I can end up with a 128MB WNDR3800.

-Jeff

Hi all,

After a stock Netgear firmware upgrade (which seems to have failed), my WNDR3800 does not boot anymore : the power led stays steady amber.

I tried to flash it via TFTP, but I did not manage to accept an image (I tried various combinations of reboot and the reset button, but no other led is blinking), it does not even respond to ping.

Do you think there is any chance I can flash/repair it via serial console ? Can this be done via the USB port or only via the 4 pins ?

Many thanks,

Regards

Having only steady amber led sounds strange. Almost like the u-boot bootloader would have been damaged. (The usual situation after a failed flash is that green power led blinks slowly and router is in the TFTP recovery mode.) Regarding the TFTP mode, make sure that you have set your PC to a fixed 192.168.1.(2-253) address.

I have recovered my 3700v1/v2/3800s several dozen times via TFTP, so it should usually work. The advice in wiki about the TFTP mode is correct. http://wiki.openwrt.org/toh/netgear/wnd … lsafe.mode

The "only steady amber led" makes me to think that you might need a serial console connection to see what is happening.

Serial console works only via the 4 pins inside. It has nothing to do with the router's USB port.

(Regarding a possible serial connection: it may depend from the serial cable you use, but I had trouble with it if the serial connector was attached when I powered the router. It worked best if I first turned router on and then immediately connected the serial cable.)

(Last edited by hnyman on 26 Jan 2014, 16:00)

Thank you for your reply.

I already performed TFTP recovery with others routers, with this one it really doesn't seem to work. You confirm my worries that the steady light is quite a bad sign. I just ordered a USB-TTL cable, I'll see I can sort it out.

Hello,

I just managed to connect my serial cable (thanks for the tip, it indeed works only when connecting just after power on).
Here is the log :

U-Boot 1.1.4 (May 27 2011 - 14:58:01)

DNI HW ID: 29763654 flash 16MB RAM 128MB (ar7100) U-boot dni25 V0.1
DRAM:  b8050000: 0xc0140180
128 MB
Top of RAM usable for U-Boot at: 88000000                                                                                            
Reserving 265k for U-Boot at: 87fbc000                                                                                               
Reserving 192k for malloc() at: 87f8c000                                                                                             
Reserving 44 Bytes for Board Info at: 87f8bfd4                                                                                       
Reserving 36 Bytes for Global Data at: 87f8bfb0                                                                                      
Reserving 128k for boot params() at: 87f6bfb0
Stack Pointer at: 87f6bf98
Now running in RAM - U-Boot at: 87fbc000
id read 0x100000ff
flash size 16MB, sector count = 256
Flash: 16 MB
*** Warning - bad CRC, using default environment

From what I read (http://lists.denx.de/pipermail/u-boot/2 … 71670.html), I have to performe saveenv.

However I can't get any "working" console (ctrl-C does nothing). How can I fix my router ?

Thanks you

Regards

How does the u-boot log continue?

Although the is a warning, that log looks normal so far. Netgear has not initialised the u-boot environment and u-boot complains about it, but it should continue forward.

It should continue after the warning message. This is a normal boot from my 3800:

U-Boot 1.1.4 (May 27 2011 - 14:58:01)

DNI HW ID: 29763654 flash 16MB RAM 128MB (ar7100) U-boot dni25 V0.1
DRAM:  b8050000: 0xc0140180
128 MB
Top of RAM usable for U-Boot at: 88000000
Reserving 265k for U-Boot at: 87fbc000
Reserving 192k for malloc() at: 87f8c000
Reserving 44 Bytes for Board Info at: 87f8bfd4
Reserving 36 Bytes for Global Data at: 87f8bfb0
Reserving 128k for boot params() at: 87f6bfb0
Stack Pointer at: 87f6bf98
Now running in RAM - U-Boot at: 87fbc000
id read 0x100000ff
flash size 16MB, sector count = 256
Flash: 16 MB
*** Warning - bad CRC, using default environment

In:    serial
Out:   serial
Err:   serial
Net:   ag7100_enet_initialize...
CHH:mac: 0 if: 2
CHH:mac:verify: 0 if: 00000002
: cfg1 0xf cfg2 0x7014
in rtl8366s_phy_setup mac=-1476803788
after rtl8366s_initChip ret=0
eth0: 74:44:xx:xx:xx:e7
eth0 up
CHH:mac: 1 if: 1
CHH:mac:verify: 1 if: 00000001
: cfg1 0xf cfg2 0x7014
in rtl8366s_phy_setup mac=-1476803308
eth1: 74:44:xx:xx:xx:e8
eth1 up
eth0, eth1
Trying eth0
: unit 0 phy is up...RGMii 1000Mbps full duplex
#259:ag7100_set_mac_from_link
: pll reg 0x18050010: 0x11110000
: cfg_1: 0x1ff0000
: cfg_2: 0x3ff
: cfg_3: 0x8001ff
: cfg_4: 0xffff
: cfg_5: 0xfffef
: done cfg2 0x7215 ifctl 0x40605060 miictrl 0x22

 Client starts...[Listening] for ADVERTISE...checksum bad
checksum bad
checksum bad
TTchecksum bad
checksum bad
checksum bad
T
Retry count exceeded; boot the image as usual

 nmrp server is stopped or failed !
Hit any key to stop autoboot:  0
   Verifying Checksum ... OK
### SQUASHFS loading 'image/uImage' to 0x80800000
### SQUASHFS load complete: 1029363 bytes loaded to 0x80800000
## Booting image at 80800000 ...
   Image Name:   MIPS OpenWrt Linux-3.10.13
   Created:      2013-10-09  14:31:56 UTC
   Image Type:   MIPS Linux Kernel Image (lzma compressed)
   Data Size:    1029299 Bytes = 1005.2 kB
   Load Address: 80060000
   Entry Point:  80060000
   Verifying Checksum ... OK
   Uncompressing Kernel Image ... OK
No initrd
## Transferring control to Linux (at address 80060000) ...
## Giving linux memsize in bytes, 134217728

If it runs into a bad firmware flash, it should notice it and go to TFTP recovery mode.

Even if you have a serial connection, it will probably be easier to recover with the TFTP flash. Monitor the boot process via serial log and if the router goes into the TFTP recovery mode, just config your PC to have a fixed IP address 192.168.1.2 and use TFTP to send either a Openwrt factory.img firmware or an original Netgear WNDR3800 firmware. If the router is in the TFTP mode, you can simply just upload the firmware. No need to push any buttons etc.

This is a problem a year ago, from which I recovered via the TFTP mode:

: done cfg2 0x7215 ifctl 0x40605060 miictrl 0x22

 Client starts...[Listening] for ADVERTISE...checksum bad
Tchecksum bad
checksum bad
Tchecksum bad
T
Retry count exceeded; boot the image as usual

 nmrp server is stopped or failed !
Hit any key to stop autoboot:  0
   Verifying Checksum ... OK
### SQUASHFS loading 'image/uImage' to 0x80800000
lzma_fs returned unexpected result 0x1
SQUASHFS error: squashfs_readdir: read_block
### SQUASHFS LOAD ERROR<0> for image!
Trying eth0
: unit 0 phy is up...RGMii 1000Mbps full duplex
#259:ag7100_set_mac_from_link
: pll reg 0x18050010: 0x11110000
: cfg_1: 0x1ff0000
: cfg_2: 0x3ff
: cfg_3: 0x8001ff
: cfg_4: 0xffff
: cfg_5: 0x2fffef
: done cfg2 0x7215 ifctl 0x40605060 miictrl 0x22

The Router is in TFTP Server Firmware Recovery mode NOW!
Listening on Port : 69, IP Address: 192.168.1.1...

Rcv:
        .................................................................
        .................................................................
        .................................................................
        .................................................................
        .................................................................
        .................................................................
        .................................................................
        .................................................................
        .................................................................
        .................................................................
        .................................................................
        .................................................................
        .................................................................
        .................................................................
        .................................................................
        .................................................................
        ..........
Done!
Bytes transferred = 5374085 (520085 hex)
Erase 7 - 120 sectors...
First 0x7 last 0x78 sector size 0x10000                                      120
Copy image to Flash... write addr: bf070000
Done
Rebooting...

(Last edited by hnyman on 8 Feb 2014, 18:30)

The log does not continue...
or should I wait several minutes ?

I was pinging the router at the same but had not answer on 192.168.1.1, so the router did not go to TFTP mode.

Any idea ?

Well, that sounds bad. U-boot apparently just stops there.

I have never bothered to learn the correct u-boot commands to flash wndr3800 using it, so I can't give you the correct ones. But you might have to learn the commands :-(

You might first verify the contents of the current u-boot partition. Check the commands to download from u-boot (using the serial connection and kermit/ymodem/zmodem/xmodem/whatever...). Or use u-boot to set an IP address in the u-boot environment and then use TFTP to file transfer.

Try to download the u-boot partition to your PC. You can then compare it to the expected contents. My wndr3800 u-boot & u-boot-env have been uploaded to: https://www.dropbox.com/sh/t52c02rm20y8 … I23QzN/mtd

EDIT:
In wndr3800, the u-boot partition is first:
[    2.900000] 0x000000000000-0x000000050000 : "u-boot"
[    2.900000] 0x000000050000-0x000000070000 : "u-boot-env"
[    2.910000] 0x000000070000-0x000000ff0000 : "firmware"

(Last edited by hnyman on 8 Feb 2014, 19:11)

Yes it looks bad.

I can't actually enter any command on the serial console.