Tutorial ASUS ROUTERS JTAG RECOVERY

[GoNz0]

No kits
I have a computer with LPT port (it's such a big connector with 25 pins in it)
That's why I can use a simple dlc5 cable: just 5 wires and 4 100-Ohm resistors.

im sure I have an XP Dell machine up the loft with one of those!

 

[hggomes]

Yeah it seems it's on Matronix serial flash device.

Found an ST compatible serial flash with 32 64KB blocks; total size 2MB
Creating 2 MTD partitions on "sflash":
0x00000000-0x00040000 : "pmon"
0x001f0000-0x00200000 : "nvram"
Found a Samsung NAND flash with 2048B pages or 128KB blocks; total size 128MB
Creating 2 MTD partitions on "nflash":
0x00000000-0x02000000 : "linux"
0x001313e8-0x02000000 : "rootfs"
NAND device: Manufacturer ID: 0xec, Chip ID: 0xf1 (Samsung NAND 128MiB 3,3V 8-bit)
Creating 2 MTD partitions on "brcmnand":
0x00000000-0x02000000 : "trx"
0x02000000-0x07f00000 : "brcmnand"

 

[Vaesel]

Just want to say that i have given up. Have now thrashed the AC66U in the bin... Its eayser to buy a new or a better one.

Many thanks to those that helped out so far!

/Vaesel out

 

[hggomes]

You are right about it, it's alot easier...

 

[bbsc]

im sure I have an XP Dell machine up the loft with one of those!

Not sure XP will let you direct writing to the port. I'd prefer to use Linux.
But you can always try.

Yeah it seems it's on Matronix serial flash device.

Great, now the question is how to configure bcm4706 with macronix SPI and how to read and write it.
Can you determin the base address?

Just want to say that i have given up. Have now thrashed the AC66U in the bin... Its eayser to buy a new or a better one.

Each of us enjoys different things

 

[hggomes]

LOL

It seems that for SPI you only have two options:

1. Remove the SPI.
2. Load a OS over JTAG to the RAM and then flash SPI, but that requires to disassemble the bootloader to see how it initialises the sdram controller.

I'm also on the same situation with AC68U and NAND, hope i don't end here with Vaesel solution

 

[bbsc]

Are you sure?
OpenOCD has several drivers to work with serial flash.
Isn't it possible to rewrite it inside the board?

 

[hggomes]

Yeah i'm sure, i talked with the support / experts from #openocd.

But you can always give it a try, go there and ask again

 

[bbsc]

Ok, let's do a little soldering. Not a big problem.
But I don't really think Asus resolder SPI every time they need to reprogram it.
There must be a way to do it in a more civilized way.

 

[hggomes]

They should have their own tools i guess, i don't think they need to solder anything.

 

[bbsc]

It seems that for SPI you only have two options:

Can't we upload original CFE to RAM and boot it using jtag?
It would give us an opportunity to reflash firmware if needed, to boot it, then to connect via telnet/SSH and reflash CFE.

 

[hggomes]

Unfortunatelly no, those are the two only options here.

 

[bbsc]

Ok, guys, my AC66U is up and running like little black devil

Drinking beer and bursting with pride to be the first (I believe) who has repaired damaged cfe in AC66U.

 

[Vaesel]

Ok, guys, my AC66U is up and running like little black devil

Drinking beer and bursting with pride to be the first (I believe) who has repaired damaged cfe in AC66U.

That sounds good but even better if you describe in details how you did it - thats what this thread is for right?

So for me your AC66U is still as dead as a roadkill until you enlight us all in details how you did it.

/Vaesel

 

[bbsc]

thats what this thread is for right?

Not exactly, the thread is about JTAG.
It was "option one" like hggomes would say
In two words I've soldered the SPI chip off, erased it, flashed cfe backup and soldered the chip in again.
A very simple tool was used for flashing operations.
Sound simple but you'll have to solder very small things and be very careful.

Good news is that now we do know what must be done.

Bad news is that when I soldered MX25L1606E off i tried to read it.
It's dump was totally different from cfe backup. Moreover, the programming tool was unable to identify the chip.
That's why I used another chip which I had accidentally, MX25L1605, to repair the router.
Now the original chip waits for examining and I'll do it a little later.
I want to say that it looks like not cfe was the problem itself but cfe-writing process was the problem.

 

[Vaesel]

Not exactly, the thread is about JTAG.
It was "option one" like hggomes would say
In two words I've soldered the SPI chip off, erased it, flashed cfe backup and soldered the chip in again.
A very simple tool was used for flashing operations.
Sound simple but you'll have to solder very small things and be very careful.

Good news is that now we do know what must be done.

Ohh so make a new thread on how to...

And you still dident tell what hardware etc. you used and the site you link to is czech and yes i know google translate...

Not a good behavior when you know that others has a similar thing.

In other words, you havent fixed anything since you just replaced the chip with one that worked... And in other words you need a broke AC66U with a working SPI to get it fixed - so my guess is that you have several AC66U that are broken since you "accidentally" had the right chip with the right "code" on.

/Vaesel

 

[bbsc]

No offence Vaesel, please.
I'll do my best to help others if I can.
I don't know czech too but all you need there in that site is the program spipgm and flashing tool schematic.
I really have only one AC66U , the second chip was from old Dell laptop motherboard, if you want to know. Dell uses such cips for BIOS in their computers.

Do you have a computer with LPT port?

 

[Vaesel]

No offence Vaesel, please.
I'll do my best to help others if I can.
I don't know czech too but all you need there in that site is the program spipgm and flashing tool schematic.
I really have only one AC66U , the second chip was from old Dell laptop motherboard, if you want to know. Dell uses such cips for BIOS in their computers.

No offence but:

You are telling me that a old dell laptop uses the same CFE partion with the exact CFE config file as a AC66U ?
Or did you re-program that old SPI from the dell laptop and why dident you do it with the one from AC66U?

Yes i have a PC with LPT and Tumpa usb jtag and a Raspberry Pi
So please use more time to elaborate on how to - i dont care if it takes all week for you - i have plenty time to wait for it

/Vaesel

 

[bbsc]

No, I'm telling you that old dell laptops (and many other computers) use very similar chips.
Of course, the chip must be reflashed with Asus CFE to work in Asus router.

Why did I do so?
Because the original chip seems to me to be damaged. I've left it alone for further experiments.
But you can try to reflash original chip, why no.

 

[Vaesel]

No, I'm telling you that old dell laptops (and many other computers) use very similar chips.
Of course, the chip must be reflashed with Asus CFE to work in Asus router.

Why did I do so?
Because the original chip seems to me to be damaged. I've left it alone for further experiments.
But you can try to reflash original chip, why no.

You make no sence to me other than your AC66U SPI chip was broken - but replacing has nothing to do with fixing it. So in my world your AC66U is still broken and not fixed the way we seek in this thread - No offence just plain truth.

/Vaesel out - since this is a dead end.