Wednesday, 21 November 2012

Buffalo WBMR-HP-G300H How to recover from bricking


How to recover from bricking by saffo

The router bootloader has a TFTP client, which will try to connect to 192.168.11.2 and load a file called firmware.ram.

1. Build a ramdisk image. These images have uImage in their name, but you can't use the one you get from a normal build or download. You have to set up a buildroot environment and configure it to build a ramdisk image (make menuconfig -> Target Images -> ramdisk).

Here's my firmware.ram (rename the file)

And here is my latest trunk build as a backup r33530 (there is no dsl_control bug which is present in r34168)

2. Install and start a TFTP server. For Linux there is a package called tftpd-hpa, and on Mac OS X TftpServer Version 3.4.1 was used. If you use Windows, you can use the free TFTP server tftpd32.

3. Copy firmware.ram into the root directory of your TFTP server (e.g. /srv/tftp or /var/lib/tftp or your current directory, depending on your software).

4. Set up your interface. It doesn't matter which port of the router you use. Set your IP to 192.168.11.2/24.

5. Push the AOSS button and power on the router. Keep the AOSS button pushed for about 5 seconds. While the AOSS button is pushed, the LED below the power LED will also light up on start. You can verify with Wireshark that everything works as expected: there should be a TFTP request from 192.168.11.1 to 192.168.11.2 for a file named firmware.ram. The file is then transmitted, and after that the IP 192.168.11.1 vanishes; you can tell because your computer starts asking to whom this IP belongs.

6. Wait. If you have Wi-Fi configured in your image, you will see Wi-Fi come up after a while. Another way is to ping 192.168.1.1 or the IP you have configured in your image. You may also do a DHCP request, which will be answered if your router booted fine. My router did not give any signal via LED to show whether it was ready or not. Also, during normal operation no LED is on, except for the ones in the LAN ports.

7. Flash a working image. Now you have access again, but keep in mind that this image is not flashed and only runs in RAM. Flash a clean image in your preferred way. You can do this with the web interface or with ssh/telnet and sysupgrade.

I suggest using Wireshark during the entire process.

Remember to change the IP of your NIC to 192.168.1.XXX or use DHCP! The firmware.ram image does not use 192.168.11.0/24.
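The check from step 5 can also be done without Wireshark. The following is an added example, not part of the original post or the OpenWrt wiki: a receive-only Python listener that decodes TFTP read requests arriving on 192.168.11.2 and reports whether they match the bootloader's request for firmware.ram. The function names and the 120-second timeout are assumptions; it has to run as root with the real TFTP server stopped, and it sends nothing back, so the router will not boot from it.

```python
import socket

# Values taken from the steps above.
ROUTER_IP = "192.168.11.1"      # address the bootloader sends from
SERVER_IP = "192.168.11.2"      # address the bootloader expects the TFTP server on
EXPECTED_FILE = "firmware.ram"  # file name the bootloader asks for

def parse_rrq(payload):
    """Decode a TFTP read request; return (filename, mode, options) or None."""
    # Opcode 1 is a read request; every field after it is NUL-terminated.
    if len(payload) < 4 or payload[:2] != b"\x00\x01" or payload[-1:] != b"\x00":
        return None
    fields = payload[2:-1].split(b"\x00")
    if len(fields) % 2:          # filename + mode, then option/value pairs
        return None
    text = [f.decode("latin-1") for f in fields]
    options = dict(zip((k.lower() for k in text[2::2]), text[3::2]))
    return text[0], text[1].lower(), options

def diagnose(src_ip, payload):
    """List what is wrong with one datagram; an empty list means it matches."""
    req = parse_rrq(payload)
    if req is None:
        return ["not a well-formed TFTP read request"]
    filename, mode, _ = req
    problems = []
    if src_ip != ROUTER_IP:
        problems.append(f"sender is {src_ip}, expected {ROUTER_IP}")
    if filename != EXPECTED_FILE:
        problems.append(f"asks for {filename!r}, expected {EXPECTED_FILE!r}")
    if mode != "octet":
        problems.append(f"mode {mode!r} would not transfer a binary image intact")
    return problems

def listen(timeout=120):
    """Log read requests arriving on UDP 69; nothing is sent back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((SERVER_IP, 69))   # needs root and a stopped TFTP server
        sock.settimeout(timeout)
        try:
            while True:
                payload, (src, _) = sock.recvfrom(2048)
                print(src, parse_rrq(payload), diagnose(src, payload) or "OK")
        except socket.timeout:
            print("no further datagrams on", SERVER_IP)

if __name__ == "__main__":
    listen()
```

If the listener prints the expected request but a real TFTP server still times out, the request is reaching the computer and the problem is on the server side (wrong root directory, file name, or a local firewall).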

This is what I did once to recover from a brick (I don't really think it really was one, but something went wrong). This is NOT entirely written by me but partially edited from the official OpenWrt wiki: Buffalo WBMR OpenWrt Wiki

8 comments:

  1. Hi! Does this method work for flashing from dd-wrt to stock firmware? If not, is it possible somehow? Tutorial? Thanks :)

  2. Hi there! :)

    I'm sorry to tell you that there is no way to recover the stock firmware, for now.

    I read someone has tried using the tftp with the stock firmware renamed firmware.ram but it didn't work.

  3. I've been trying this method for the past two hours, tinkering with different values and using different software, to no avail. I don't know whether my router is talking to the tftp server on my Mac or not; the only LED light working is the power light and nothing else… the AOSS light also works when I press it as soon as the router starts, but I don't know if my router is repairable, to tell you the truth. Are there any other methods? I bricked it using a firmware that wasn't compatible with it; I think I used WZR-HP-300, which is a similar router but from a different region.
    Any help would be appreciated.
    Thanks

    Replies
    1. Hello Ahmed,

      Thanks for your comment.

      Usually when you flash a router with a firmware from a different router you also screw up the CFE ( http://en.wikipedia.org/wiki/Common_Firmware_Environment ). You could try to recover your router with a JTAG cable, but unfortunately there is no guide to do it for this Buffalo yet.
      If you use a Mac, you can download Wireshark ( http://www.wireshark.org/ ) and see if there is a request for firmware.ram while pressing the AOSS button.
      If you don't know how to read the log in Wireshark, send me your pcap file.

      - open Wireshark and start recording on the Ethernet interface
      - power on the router with the AOSS button pressed for about 5 seconds
      - wait 1-2 minutes and close Wireshark, SAVING before quitting

  4. Everything worked as expected until step 5. The file is requested, however a timeout occurs and nothing is sent to the router.

  5. You saved my router!! Just follow the instructions and download his firmware.ram file. I used a custom-built OpenWrt Chaos Calmer image, but the stock download image would have worked as well.
    Thanks mate, you are a legend!!
