DoctorDroid
Hi everyone,
Still trying to debrick my WRT54GS v7. Now I know the zJTAG software and blackcat cable supports the router (from previous post). However, I cannot debrick it. I have found various CFE.BIN files for V7 WRT54GS, but I am not sure if any are actually for my router (Serial no starts CGNB).
Does anyone have a CFE.BIN for this particular version of the V7? I would be very grateful.
However, I have also cleared off what was on the flash chip and tried to flash various of the CFE.BIN files I have located on the net. I edited them using a hex editor to change the mac address codes in the files then followed the flashing instructions. The router stays bricked (all lan lights on, etc). I then download the CFE back off the router just to see that it is okay, but I see that it is now different from the one I flashed to the router. This is not random differences due to JTAG cable errors, since I can download it multiple times and all the downloaded files are identical. Hence, the data on the flash chip is not the same as the file I flashed. I need to figure out why this is happening, since I think the CFEs I flash to the chip will never work if they are altered.
I attach the original CFE I flashed and an example of the saved CFE coming back off the router. I just don't understand why the flashed information is being changed, since the flash process proceeds normally and reports no problems.
Anyone got any ideas? I posted this issue on the dd-wrt forum too, but so far nobody has given any thoughts. I am hoping the friendly people here will be able to assist me!
Thanks in advance for any ideas.
DoctorDroid
Well,
It is fixed. The problem turned out to be the Blackcat buffered JTAG cable, which is rather unfortunate. I was getting nowhere with what I was doing, since every time I erased the flash and then loaded a CFE back onto it, the router was still dead and downloading the flash off the router showed that it was different to the original. I messed about with all sorts of command line switches and nothing fixed the issue.
I therefore decided to make up a simple resistor-based jtag cable and use tjtag software (3-0-1). First I did a -probeonly /noreset and it immediately recognised the CPU and flash chip. I then erased the wholeflash twice (-erase:wholeflash /noreset) and then flashed the cfe (-flash:cfe /noreset). In all cases, I power cycled the router before each command and ran the command after the power had been restored for 2 seconds. The flash completed in about 450 seconds and I waited 2 minutes before power cycling the router again. This time, the lights all went out after a second and so I set up an ethernet connection and got nice TTL 100 responses. This allowed to me TFTP micro generic v24.bin onto the router, which then restarted itself and I could point a web brower to the IP of the router and see the dd-wrt welcome screen.
This has been a headache for a couple of weeks and it turned out that the issue was the cable. I guess I got a duff cable. I'll talk to the guys at DIYGadget.
Maybe the mods want to leave this thread open for now in case anyone has comments or questions. Not sure.
Thanks!