What's new

CFE bootloader update

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
my english is terrible, so please what are advanges to upgrade the bootloader ?

Well my friend at this moment ''NONE'' because the firmwares made by ddwrt and merlin just dont support native 64k NVRAM so we have to wait till ddwrt or tomato or someone else comes up with something
 
Well my friend at this moment ''NONE'' because the firmwares made by ddwrt and merlin just dont support native 64k NVRAM so we have to wait till ddwrt or tomato or someone else comes up with something

Don't think that's quite true actually, if you read what RMerlin wrote earlier

That has no incidence at all. The RT-AC66U also has a 64 KB CFE, and it works just fine. The code only handle cases where only 32 KB are detected.

So imo both RMerlin wrt and Shibbys tomato 101 will use native 64 KB CFE already as kernel hack won't be used because 32 KB won't be detected.
 
Don't think that's quite true actually, if you read what RMerlin wrote earlier



So imo both RMerlin wrt and Shibbys tomato 101 will use native 64 KB CFE already as kernel hack won't be used because 32 KB won't be detected.

Yes, this might be, but flashing this cfe does not add anything to that, they still work, with or without it.

So still no upside to flashing this.

And I really hope Ryzhov and the ones who found this out take no offense by this post because this might come in handy real soon....

And thank you Ryzhov and the others (if there are any), this is something that should have been there from the first release of this device.
Thank you!
 
Go over to dd-wrt, Fractal has compiled 64k nvram builds for those of us who have done the cfe fix.
 
WARNING!

Before people start rushing and flash random DD-WRT versions with random CFE versions... Having the wrong CFE and DD-WRT combination will BRICK your router!

Everything should be safe as long you stick with Asuswrt, Asuswrt-Merlin or Tomato. But when it comes to DD-WRT, be 1000% sure you know what you are doing before flashing DD-WRT on the RT-N66U!

There's a discussion thread on the dd-wrt forum about this. If you still do want to try DD-WRT, make sure to read the WHOLE thread.
 
I can confirm that this is working with DD-WRT special build.. RMerlin is 100% correct YOU MUST know what you are doing.. You are flashing a physical part of that router that could result in perm-brick. That being said this is not a kernel hack its actual 64k cfe with support. I think there will be a few how to's that may surface that will show screenshots on what you should be seeing on your screen.

I welcome any questions,

-Fractal
 
I only just bought the ASUS RT-N66 a week ago because I read it was a nice router to play with the firmware. There appears to be a thriving community here on SNB. Nice!

What a start... I updated to the latest Asuswrt firmware, then Asuswrt-Merlin, and from there following the instructions in this thread I've just updated the bootloader / cfe.

It looks like Asuswrt-Merlin is the safest bet, but Tomato works too, and DD-WRT will work (after carefully matching the very latest build). Cool!

:D
 
Last edited:
So do I put the cfe.new file (133428 bytes) into the ..tmp/home/root directory (so inside the root directory where its empty) and just run the command: $ mtd-write -i cfe.new -d pmon?

EDIT: Originally I used WinSCP to transfer the file from the router to my Window 7 Desktop, and then used "My Network Place" to transfer the file over to Ubuntu running in the background simultaneously on Virtual Box; now I'm just making sure that I don't screw up on the most important part of this whole process.
 
Last edited:
I scp'd the cfe.new file from Ubuntu back to the same home directory on the router that the cfe.original file was created in:

scp ./cfe.new admin@192.168.1.1:~/cfe.new

# then telnet'd into the router (as admin) and from the home directory there i ran

mtd-write -i cfe.new -d pmon

# then i waited a minute before running

mtd-erase -d nvram

# then i power cycled the router, rather than typing 'reboot'
# then after reconnecting to the router with telnet i ran

cat /dev/mtd0ro | grep bl_version
# which should return 1.0.1.3

nvram get bl_version
# which should return 1.0.1.3
 
Last edited:
Locked out RT-N66U ?

Hi,

I cannot access my RT-N66U and am basically locked out:
- the power led is flashing slowly
- no ping response from 192.168.1.1
=> firmware recovery via asus firmware restoration does not work
=> tftp via linux does not work
- tried all resets

History:
- Initially on Shibby's tomatoUSB
- Switched to RMerlin's asuswrt for CFE update
- Updated to 64kB CFE
- mtd-erase -d nvram
- reboot
- configured the router and everything was OK
- Tried to reinstall latest Shibby 102 AIO: Router in emergency restore mode
- Started asus firmware restoration without static IP and the flashing aborted with an error at 97%.
- Tried with a static 192.168.1.2 IP and the same.
- Tried hard reset: Switched off router; pressed WPS; switched on router; waited 30s; unpressed WPS; waited; power cycle

Result: => Locked out of router !

Looks like the hard reset locked me out.


What options do I have now?


The router seems to go now by default into emergency recovery mode on power cycle.
There seems to be no way to access it via ethernet.

Would a serial connection be of help? Or JTAG?

Is there already a JTAG + software support available for RT-N66U?

Thanks.
 
Last edited:
Hi,

I cannot access my RT-N66U and am basically locked out:
- the power led is flashing slowly
- no ping response from 192.168.1.1
=> firmware recovery via asus firmware restoration does not work
=> tftp via linux does not work
- tried all resets

History:
- Initially on Shibby's tomatoUSB
- Switched to RMerlin's asuswrt for CFE update
- Updated to 64kB CFE
- mtd-erase -d nvram
- reboot
- configured the router and everything was OK
- Tried to reinstall latest Shibby 102 AIO: Router in emergency restore mode
- Started asus firmware restoration without static IP and the flashing aborted with an error at 97%.
- Tried with a static 192.168.1.2 IP and the same.
- Tried hard reset: Switched off router; pressed WPS; switched on router; waited 30s; unpressed WPS; waited; power cycle

Result: => Locked out of router !

Looks like the hard reset locked me out.


What options do I have now?


The router seems to go now by default into emergency recovery mode on power cycle.
There seems to be no way to access it via ethernet.

Would a serial connection be of help? Or JTAG?

Is there already a JTAG + software support available for RT-N66U?

Thanks.

Do you have the router connected to any other router/modem?

Disconnect the router from everything, do a hard reset (holding wps-button while powering up)

Set your computer to static adress 192.168.1.x, then connect it to the router on one of the LAN ports.

Open your browser and navigate to http://192.168.1.1 (this might take a while)
 
Last edited:
Also I had some trouble till I set my nic card to
192.168.1.12
255.255.255.0
192.168.1.1

I could be wrong. Often am. Lol.
 
Locked out of RT-N66U

Thanks for your replies.

Do you have the router connected to any other router/modem?

Disconnect the router from everything, do a hard reset (holding wps-button while powering up)

Set your computer to static adress 192.168.1.x, then connect it to the router on one of the LAN ports.

Open your browser and navigate to http://192.168.1.1 (this might take a while)


Also I had some trouble till I set my nic card to
192.168.1.12
255.255.255.0
192.168.1.1

I could be wrong. Often am. Lol.

The router is not connected to anything.
Computer has:
- static IP: 192.168.1.2
- mask: 255.255.255.0
- def gateway: 192.168.1.1

I did again the recommended WPS hard reset.

Pinging the router I get: Reply from 192.168.1.2: Destination host unreachable.

Used Wireshark to look at the communication and there is absolutely no sign of life of the router looking at the packets. The only source of packets is the computer, e.g. asking via arp for who has 192.168.1.1.

This means that most probably it should not be possible to unbrick the router via the ethernet cable.

I do not know, but maybe the hard reset and the new CFE lead to and inconsistent state.

So now the remaining options I see is to create a serial connection and see what the CFE tells us.

Then of course there is the last resort of JTAG; and LOM from the DD-WRT forum has confirmed that:
LOM said:
It has now been confirmed (by using TIAO buffered adapter and tjtag) that the RT-N66U has an active jtag port with standard pinout
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=159756&postdays=0&postorder=asc&start=45

Any other ideas?

Thanks.
 
I cannot access my RT-N66U and am basically locked out:
- the power led is flashing slowly
Ok, router is in recovery mode. It's not dead and waits your commands. But!

- no ping response from 192.168.1.1
=> firmware recovery via asus firmware restoration does not work
=> tftp via linux does not work
- tried all resets

History:
- Initially on Shibby's tomatoUSB
- Switched to RMerlin's asuswrt for CFE update
- Updated to 64kB CFE...
A new cured CFE now reads NVRAM variables as it should, include a last ip address of router.

For example, if you have set 192.168.2.1 then CFE will awaits you at 192.168.2.1.
 
Ok, router is in recovery mode. It's not dead and waits your commands. But!

A new cured CFE now reads NVRAM variables as it should, include a last ip address of router.

For example, if you have set 192.168.2.1 then CFE will awaits you at 192.168.2.1.

The weird thing is that the router was always on 192.168.1.1
I never changed it and had always access to asus original and RMerlin firmware as also Shibby's tomatoUSB.

Is there a way to verify which IP address CFE is using?

Thanks.
 
Yes, set following network adapter properties:
  • manual ip address assignment,
  • ip address: 192.168.1.2,
  • default gateway: 192.168.1.1,
and try to ping router:

You'll see TTL=100 as a CFE answer.

That exactly does not work:

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1



ping -t 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.2: Destination host unreachable.
Reply from 192.168.1.2: Destination host unreachable.
Reply from 192.168.1.2: Destination host unreachable.
Reply from 192.168.1.2: Destination host unreachable.
Reply from 192.168.1.2: Destination host unreachable.


This was confirmed with a Linux computer too.

If CFE is listening then it looks like it does it at another IP.


Thanks.
 
Regardless of the router's IP, the CFE should still be able to answer to the Firmware Recovery tool on the recovery CD.

I'm not sure about the CFE applying the nvram IP. My RT-AC66U's CFE always answers to 192.168.1.1 despite the fact the configured IP is 192.168.10.1. Wouldn't make much sense for the recovery software to apply a potentially corrupted IP address from NVRAM - it has to use an hardcoded IP.
 
Regardless of the router's IP, the CFE should still be able to answer to the Firmware Recovery tool on the recovery CD.

I'm not sure about the CFE applying the nvram IP. My RT-AC66U's CFE always answers to 192.168.1.1 despite the fact the configured IP is 192.168.10.1. Wouldn't make much sense for the recovery software to apply a potentially corrupted IP address from NVRAM - it has to use an hardcoded IP.

That makes sense and definitively means, that:
- either this CFE has another hardcoded IP,
- or my router is locked in.

I already tried the typical IP addresses like:
192.168.1.1
192.168.2.1
10.10.10.1

The Firmware Restoration Utility says always that the Router is not in recovery mode.

Before starting with the hardware hacking I will write a little script to go through the whole IP address space of all *.*.*.1 and test if there is any response.


Thanks.
 
If CFE is listening then it looks like it does it at another IP.
Then try to clean (potentially) corrupted NVRAM: push and hold WPS button then turn N66 on.
Edit: Ops, you already done this.

I'm not sure about the CFE applying the nvram IP. My RT-AC66U's CFE always answers to 192.168.1.1 despite the fact the configured IP is 192.168.10.1.
It reads lan_ipaddr variable on my RT-N66U, here is an example.
 
Last edited:
Status
Not open for further replies.

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top