OpenWrt Forum Archive

Topic: Motorola WR850G v1 - jtag flashing hangs

The content of this topic has been archived on 25 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi

First of all: sorry for my English. I'm from Germany.

I tried to put OpenWrt on my WR850G via the web interface of the original Motorola firmware. Unfortunately I accidentally unplugged the Ethernet cable during the flashing process. After this mistake I couldn't ping it, and tftp, telnet, etc. didn't work either. So I built a JTAG cable, the simple one with 4 resistors. The plan says that you have to use 100 Ω resistors, but I only had 470 Ω ones, so I tried with them. The cable works fine (I already erased nvram and cfe successfully), but the mentioned problem appears: the flashing process always hangs at the same point: [  3% Flashed]   1fc01ff0

Does anyone have an idea how to solve this?

thx in advance

$ ./wrt54g -flash:cfe /noreset /nobreak /fc:27

====================================
WRT54G/GS EJTAG Debrick Utility v4.8
====================================

Probing bus ... Done

Instruction Length set to 5

CPU Chip ID: 00000100011100010000000101111111 (0471017F)
*** Found a Broadcom BCM4702 Rev 1 CPU chip ***

    - EJTAG IMPCODE ....... : 00000000100000000000100100001000 (00800908)
    - EJTAG Version ....... : 1 or 2.0
    - EJTAG DMA Support ... : Yes

Issuing Processor / Peripheral Reset ... Skipped
Enabling Memory Writes ... Done
Halting Processor ... Skipped
Clearing Watchdog ... Done

Manual Flash Selection ... Done

Flash Vendor ID: 00000000000000000000000000000100 (00000004)
Flash Device ID: 00000000000000000010001011111001 (000022F9)
*** Manually Selected a MBM29LV320BE 2Mx16 BotB    (4MB) Flash Chip ***

    - Flash Chip Window Start .... : 1fc00000
    - Flash Chip Window Length ... : 00400000
    - Selected Area Start ........ : 1fc00000
    - Selected Area Length ....... : 00040000

*** You Selected to Flash the CFE.BIN ***

=========================
Flashing Routine Started
=========================
Total Blocks to Erase: 7

Erasing block: 1 (addr = 1fc00000)...Done
Erasing block: 2 (addr = 1fc04000)...Done
Erasing block: 3 (addr = 1fc06000)...Done
Erasing block: 4 (addr = 1fc08000)...Done
Erasing block: 5 (addr = 1fc10000)...Done
Erasing block: 6 (addr = 1fc20000)...Done
Erasing block: 7 (addr = 1fc30000)...Done

Loading CFE.BIN to Flash Memory...
[  0% Flashed]   1fc00000: 10000817 00000000 00000000 00000000
[  0% Flashed]   1fc00010: 00000000 00000000 00000000 00000000
[  0% Flashed]   1fc00020: 00000000 00000000 00000000 00000000
[...]
[  3% Flashed]   1fc01fc0: 00000000 00000000 00000000 00000000
[  3% Flashed]   1fc01fd0: 00000000 00000000 00000000 00000000
[  3% Flashed]   1fc01fe0: 00000000 00000000 00000000 00000000
[  3% Flashed]   1fc01ff0: 00000000 00000000 00000000 00000000

I am not an expert on JTAG, so I cannot help you judge whether the resistors that you used are OK. I would just try different combinations of switches, and plugging and unplugging the power cable. I had a similar problem and tried the same procedures for a couple of days with no result, and then one day I managed to flash CFE, and then I could flash the router without any extra switches (/fc /noreset /nobreak etc.).
For future generations: before playing with JTAG after bad flashing, use the serial port (which, I see, does not look too simple in the case of the WR850 version 1).

Cheers
Michal

PS. Where did you get the CFE.BIN?

Thanks for your reply.

OK, then I'll keep trying :P

I got the CFE.BIN from this thread at the DD-WRT forum: click
I don't know if there's a difference between the CFE.BIN for v1 and v2 of the WR850G. Does anybody know? And if yes, could someone please upload a CFE.BIN for v1 for me?

I know that there is a difference between v2 and v3. At this point (flash process stopping) you won't feel it, but there is a great chance that after you finally manage to flash it your router won't boot. I would try looking for somebody on the forum with v1 and kindly ask for help.
HINT. You don't need JTAG to get CFE.BIN from a _working_ router. Look at http://wiki.openwrt.org/BackupAndRestore
It can be done by executing from the router shell:

mount -o remount,ro /dev/mtdblock/0 /jffs
dd if=/dev/mtdblock/0 > /tmp/CFE.BIN
mount -o remount,rw /dev/mtdblock/0 /jffs

I don't have my WR850G (unfortunately v3) anywhere around, so I am not 100% sure if CFE is in "/dev/mtdblock/0", but let's say 80%. If it is 64k then it is OK.

Good luck:)
Michal

PS. Can somebody more experienced with JTAG tell us what the situation looks like with these resistors: do 4~5 times stronger resistors make the flash process get stuck?
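A sanity check for a bootloader dump such as the one produced by the dd command above, run before the file is written to another router over JTAG. This is an added example, not part of the original posts: the function names, the two-reads approach, and the little-endian word order assumed in `first_word` are assumptions, and the expected length is supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check a bootloader dump
# before it is written back over JTAG.
# Assumptions: the flash region was read twice into two files, and the
# caller supplies the expected length in bytes (e.g. 262144 for the
# "Selected Area Length" of 00040000 shown in the flashing log).

# first_word FILE
# Prints the first four bytes as one 32-bit word, for comparison with the
# first data line of the flashing log. Assumption: the flashing tool
# prints each word in little-endian order.
first_word() {
    set -- $(od -An -v -tx1 -N4 "$1")
    echo "$4$3$2$1"
}

# check_cfe_dump READ1 READ2 EXPECTED_BYTES
# Returns 0 = plausible, 1 = wrong size, 2 = reads differ, 3 = blank.
check_cfe_dump() {
    read1=$1 read2=$2 expected=$3

    size=$(wc -c < "$read1" | tr -d ' ')
    if [ "$size" -ne "$expected" ]; then
        echo "size is $size bytes, expected $expected" >&2
        return 1
    fi

    # Two independent reads of the same region must be byte-identical;
    # a mismatch points at an unreliable read, not at the image itself.
    if ! cmp -s "$read1" "$read2"; then
        echo "the two reads differ" >&2
        return 2
    fi

    # Erased NOR flash reads back as all 0xFF; a file holding a single
    # repeated byte value is not a bootloader.
    distinct=$(od -An -v -tx1 "$read1" | tr -s ' ' '\n' | sort -u | grep -c .)
    if [ "$distinct" -le 1 ]; then
        echo "dump contains only one byte value (blank or erased)" >&2
        return 3
    fi

    echo "dump looks plausible, first word: $(first_word "$read1")"
    return 0
}

# Stand-alone use: sh check_cfe.sh read1.bin read2.bin 262144
if [ "$#" -eq 3 ]; then check_cfe_dump "$@"; fi
```

These checks only catch truncated, unstable or blank dumps; they cannot tell whether an image matches a particular board revision or flash chip.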

I have a working WR850G. It runs the original Motorola firmware. Is there a way to back up the cfe.bin with this kind of firmware, or do I have to install OpenWrt on it? TFTP maybe?

Honestly - I guess You would have to install openwrt to obtain CFE with the method I mentioned. But in Your case - You can also do it by JTAG (just reading the content of flash). The choice is up to You...

Michal

To enable JTAG on a WR850G v1 you have to do this:
http://www.dd-wrt.com/phpBB2/files/wr850gv1_jtag_155.jpg

I'm glad that I made it the first time, but I don't want to try this a second time :P
I also don't want to install OpenWrt on it. (I don't want to have two destroyed routers :P)

Is there any other way to get the CFE.BIN from a working router?

I get Your point:)
Ask at the forum - search for wr850g owners already using openwrt. I.e. try asking ropf (http://forum.openwrt.org/viewtopic.php?id=9029)

Good luck:)
Michal

Ps. Don't forget to ask for NVRAM too...

I decided to put OpenWrt on my second router, to get a working nvram.bin and cfe.bin. I don't trust the web interface flashing method, so I tried to get a TFTP connection, but it didn't work. I put the Motorola 4.03 firmware on it and did nvram set boot_wait=on and nvram commit on /frame_debug.asp. But I can't establish a TFTP connection to 192.168.10.1. I followed the instructions on the wiki page, but it didn't work. I read in another forum that I have to use the WAN port for TFTP, but this didn't work either. Any ideas?

ed: url-tag

(Last edited by LenniZeppelin on 18 Sep 2007, 15:22)

Of course you have a 192.168.10.xxx address on the network interface that you are trying to launch the TFTP from? Make sure that you can ping the router.
I was hooked up to the LAN ports, not the WAN port.
You also know that you need to do the procedure at router boot, trying to send the firmware just seconds before you plug it in to the power?

The TFTP method was recommended a long time ago (when I bricked my router :) ) and I guess that now the "easiest" way is the www method.

If you don't like the www method and TFTP is not working for you, ask WR850G v1 owners for the necessary files. You won't brick your second router this way....

Michal

I don't know why TFTP doesn't work. I did everything as in the instructions.
I asked some users via email for the files, but I haven't got a response so far. Also I couldn't find a lot of users who use v1. So if anyone here has a CFE.BIN for the WR850G v1: could you please send it to me? Thx...

ed:
I've got a cfe.bin now. TFTP suddenly worked and I was able to install OpenWrt on my second router and back up cfe.bin. Of course I instantly tried to flash the new cfe.bin on my router, but it didn't work again.
The flashing process always stops at [  3% Flashed]   1fc023f0
I have no idea what I should do...
But I'll keep trying. Maybe it will suddenly work, like the TFTP connection ;)
If I get some 100 Ω resistors I'm going to replace the 470 Ω ones in my JTAG adapter; maybe that helps.

P.S.: I'm going to upload cfe.bin and nvram.bin and post the link here. Maybe someone needs them sometime ;)

ed²:
CFE.BIN and NVRAM.BIN for the Motorola WR850G v1 (probably doesn't work for flash chips other than the AMD AM29LV320DB)

(Last edited by LenniZeppelin on 19 Sep 2007, 19:26)

I just noticed that my working router has an AMD AM29LV320DB flash chip and the bricked router has an MBM29LV320BE chip. Is there a difference between the cfe.bin for these two chips?

Ed: I made it :D I got another CFE.BIN (thanks to eko from the dd-wrt board). Maybe the CFE.BIN of a WR850G v1 with an AM29LV320DB chip doesn't work for a WR850G v1 with an MBM29LV320BE chip.

I uploaded the CFE.BIN and NVRAM.BIN that worked for my router with an MBM29LV320BE flash chip:
CFE.BIN
NVRAM.BIN

Thanks for your help, yans!

(Last edited by LenniZeppelin on 19 Sep 2007, 19:27)

The discussion might have continued from here.