Upload new firmware to bricked WNR3500L

bier

Hi

I bricked my WNR3500L when trying to get a self-compiled OpenWrt on it. I'm now not able to flash the original firmware over tftp.

Here's a list of how I tried it:

- Assigned a fixed IP to the laptop, connected to the WNR3500L over a switch.

- "ping -t -w 2 192.168.1.1" was successful, I got an answer for two seconds after the reboot.

- Made several attempts for the right time to send the command "tftp -i 192.168.1.1 put WNR3500L-V1.0.2.26_30.0.98.chk"

- Also tried the same thing with the openwrt firmware.

- In the end after two/three successful pings the router just continues and ignores my tftp command...

I read about the serial cable thing. But I think (or hope) there must be a way to just tftp the firmware.

Any ideas?

many thanks in advance

lukas

bier

ginchiller said: just worth a try; instead of the tftp command try PumpKIN tftp software. set your ip address of the network interface to 192.168.1.24 (or an ip address in the same range that isn't used/has a lease), connect to some port on the router (not wan), hard reboot and send through pumpkin the original firmware. there is a special timing needed, so just try it a few times. please tell me if it worked out for you. PS forgot to mention; also try holding the reset button while rebooting, hold it, press it few times, also this has to be done a few times to be sure it is not working like that ;)

hi ginchiller

thanks for your help. i tried the pumpkin tftp and the reset. but it didn't solve my problem. have you been able to flash a wnr3500l with only tftp and the original firmware?

greetings

lukas

bier

so i'll try it again.

thx for your help!

bier

hi

i had time to test again. thanks so far for the help provided.

@ginchiller: it's unfortunately not a timing issue, tried it many (!) times...

@tathagata das: i'm not able to access the board. ping is not working. the only thing i'm able is when i'm rebooting i'm getting 1-4 times a ping. sending different firmware images (original/openwrt/ddwrt) over tftp didn't work. it was definitely not a timing issue. windows firewall was turned off... i also tried it from two different pcs. nothing worked.
i don't have a serial cable (and i really don't want to use one, as i may brick the router several times more. i'm just too lazy to get a screwdriver every time...). As ginchiller mentioned, the tftp way worked also fine for me on several wrt54gl.
i'm pretty sure that the firmware is not working. it was a first attempt... if you still want to check it out. which way would you like to receive the firmware?

Thanks

Lukas

bier

Hi

I'm still around with a bricked wnr3500l. Is it possible to load a new firmware without buying that usb cable?

Lukas

Brandon C

If using Windows you might try this to get pings faster to your computer on re-boot of the router.
Grab a Network Hub.
Plug it into computer and set a static TCP/IP address to the computer as 192.168.1.10, default gateway 192.168.1.1, and 255.255.255.0.

Using the hub you don't have to wait on router bootup to get an IP address.

Then plug your router into the hub.
Start ping 192.168.1.1 and plug in your router. Watch and see if you get any replies at all. If you do you can try TFTP as soon as you get a ping reply. You may have to try it a few times to catch the right time.

bier

BrandonC said: If using Windows you might try this to get pings faster to your computer on re-boot of the router. Grab a Network Hub. Plug it into computer and set a static TCP/IP address to the computer as 192.168.1.10, default gateway 192.168.1.1, and 255.255.255.0. Using the hub you don't have to wait on router bootup to get an IP address. Then plug your router into the hub. Start ping 192.168.1.1 and plug in your router. Watch and see if you get any replies at all. If you do you can try TFTP as soon as you get a ping reply. You may have to try it a few times to catch the right time.

Thanks for your help BrandonC. As I already mentioned, nothing helped.

I just need to know if it is possible to flash a new firmware over tftp. Respectively if a tftp server is running on wnr3500l during cfe.

Fjonsson

Hi,
Is there a way to fully restore the factory settings?

I successfully downloaded the original firmware to my WNR3500, and using the serial cable I can enter the BusyBox.

However, it seems some settings are still wrong. The ssid is the same as before I bricked the router but I get a very strange IP address and cannot access the internet. The router prompts me for password when I go to 192.168.1.1, but I cannot log in using the standard password.

Update: By pressing and holding the reset button while powering up the router I managed to reset the NVRAM.

When holding the reset button down I see the following message on the serial output:

.
.
.
Committing NVRAM...done
Waiting for reset button release...

After releasing the button the memory is restored and the router boots normally!

Enveezee

I bought a refurbished WNR3500L last year, I love it and highly recommend it to anyone.. the only real drawback I found in it is the 3 internal antennas are not the best.. however it has 3 internal antenna headers and buying some nice big antennas, drilling 3 holes in the top to mount em, and attaching the cables is a rather trivial task. Anywho.. as for the matter of the "flashing green light" problem, this router IS recoverable from this state, I know I'm chiming in way late in the game for most people, but I wanna say this for those out there who are still trying to use these and having problems.. you can fix this issue over the network, and it IS a matter of timing.. you have a 2sec window from my experience.. lemme give you a rundown

First of all you're probably gonna wanna use linux, windows does everything slow and rather stupid, its not gonna be easy to get the timing right on windows and I'm not gonna go into that.. if you don't have linux on your machine you can get a thumbdrive and goto unetbootin.sf.net and use their program to put say PartedMagic or Ubuntu or something on a thumbdrive and boot off that for this.. far easier than obtaining a TTL USB cable and doing it that way for most people I'm sure..

First you need to goto netgear's website and download the original firmware (this may not be required, but to rule out any checksum issues if the router checks which I don't know, use the oldest firmware available just to get it unbricked) unzip/unrar that firmware and rename the file code.bin.

Next you need to get a hub.. I cannot stress this enough.. thing is, even on a more robust sane system like linux, the hardware itself does negotiation and such when the link status changes.. YOU DO NOT HAVE TIME FOR THAT TO HAPPEN! Therefore using a hub keeps your link up the whole time you're rebooting the router trying to hit this 2min window.. so if I have an ethernet interface eth1, I want to plug the cable from my linux box into the hub, open a root terminal and do "ifconfig eth1 192.168.1.2 netmask 255.255.255.0" and because I'm attached to a hub (I used my NETGEAR GS108 Gigabit switch for this), this link will remain active while I'm power cycling the router..

After you got the computer hooked up, you can just go ahead and start pinging now "ping 192.168.1.1" when you plug the router into the switch (make sure there is nothing else plugged into the router but one ethernet cable and the power cable, run that ethernet cable from port 1-4 not the WAN port, I used port 1) and when you turn it on and get to that blinking green light you should see ping replies coming back.. this tells you the router is at least working enough to complete this process.. turn the router off by removing the power cord or pressing the power button, you'll see your console still pinging and getting Destination Host Unreachable... leave that ping going the whole time this will be an indicator of what state the router is in.. move that window aside where you can still see it and open another terminal. I'm going to tell you to install atftp, on Debian which is what I use, "apt-get install atftp" if you don't use Debian or a deb os, then you might have to do some research on how to get this program or one like it.. what you need is a program that is a tftp client however you need one that lets you issue a single command.. for example "tftp" in debian is a program you open and it goes into a tftp> console like the old ftp programs used to work.. they're interactive.. you can't use these kinds of programs.. it takes too long.. as I said before you have about 2 seconds to get this right.. if you have arthritis or something you might wanna get a friend who can move faster.. timing is CRUCIAL.. atftp is an automatic thing that lets you specify all commands on the command line so you can have the command typed in and ready to press enter before you even turn the router on.. so from your 2nd terminal you wanna do:

atftp --option "mode octet" --option "timeout 60" --verbose --trace -p -l code.bin 192.168.1.1

if you're using something other than atftp what we're doing here is setting the transfer mode to octet which is probably default on most things, but that's what I used that works.. we're upping the timeout to a full minute just to avoid any problems if we issue the command early or need to try this a few times, this helps us hit that timing window without any extra things getting in our way like the network card's link status negotiation.. the trace option is just so we can see every packet being sent and ACKnowledged by the router to know it's working, and verbose is there to make sure it's detailed output if anything messes up -p -l code.bin is telling the client to put the local file code.bin to the server as soon as it connects.. this is key.. and why we can't use interactive clients and risk being able to type out "put code.bin" fast enough and press enter before the router tries to load the bad firmware and goes into the flashing green..

Don't worry if the light starts flashing green again.. as long as this file transfer was done right and within that window while the light was orange (and if it passed checksum if the router even checks to see what you're uploading) the light will flash green a few times.. I'm guessing this is it actually flashing the firmware...if this all works correctly you should see a buncha ACK responses from the router as all the packets of that code.bin are uploaded, and for me about 5-10sec later the flashing green light will turn orange again.. the router will reboot and you'll see the light turn green and you'll see ping replies coming back again from 192.168.1.1 in that other terminal window.. give it a few seconds and you should see the blue wifi light come on, and a few seconds after that you should be able to open a web browser to routerlogin.net or http://192.168.1.1 and you'll be running the original NETGEAR firmware where you can then either upgrade to the latest netgear firmware or start screwin it up some more with 3rd party firmwares :-P

Which is what I'm about to do now.. I just wanted to say it to anyone else crying over a bricked router, that this IS possible, it just really is a sensitive matter of timing and preparation.. the router is in a FUBAR kinda state where its firmware is corrupted.. it's only running these S.O.S. kinda routines for about 2 seconds when it first turns on to give you a chance to fix the problem.. and these routines are very core functionality of the router.. its just enough code to bring up the one interface, the tftp server, and accept a certain file.. you really don't understand how fast this happens and how much error can be introduced by the user and the system being used to do it.. you have to make every attempt to make the process go as quickly as possible.. use a switch/hub, have the commands pre-typed, use a constant ping to the router to gauge which state it's in.. and be quick about it when that orange light comes on, wait for that ping to come in.. and if you see more than 2 pings come back before you feel your finger hit that enter button, then you probably missed it.. you need to stop, take a breath, read this again, make sure you understand it.. have everything ready before you start the process..
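
The timing procedure described in the post above, scripted so that the upload fires on the first ping reply instead of on a keypress. This is an added example, not part of the original post; it assumes Linux `ping` (iputils) and `atftp`, and the script name `unbrick.sh` and the function names `probe`, `push` and `wait_and_flash` are hypothetical.

```shell
#!/bin/sh
# Added example: fire a one-shot TFTP put on the first ping reply.
# Assumes Linux iputils ping and atftp, and a host NIC already set to
# 192.168.1.2/24 with its link held up by a hub/switch, as in the post.

ROUTER=${ROUTER:-192.168.1.1}   # bootloader address used in the thread
IMAGE=${IMAGE:-code.bin}        # vendor firmware, renamed as in the post

# One probe: a single echo request with a hard 1 s deadline.
probe() { ping -c 1 -w 1 "$ROUTER" >/dev/null 2>&1; }

# One upload attempt: the atftp invocation quoted in the post.
push() {
    atftp --option "mode octet" --option "timeout 60" --verbose --trace \
          -p -l "$IMAGE" "$ROUTER"
}

# Poll until the router answers, then upload immediately.
# Returns 0 = transfer completed, 1 = no reply within max probes,
#         2 = router answered but the upload failed, 3 = unusable image.
wait_and_flash() {
    waf_max=${1:-120}
    waf_i=1
    [ -s "$IMAGE" ] || { echo "missing or empty image: $IMAGE" >&2; return 3; }
    while [ "$waf_i" -le "$waf_max" ]; do
        if probe; then
            echo "reply on probe $waf_i, sending $IMAGE" >&2
            push && return 0
            return 2
        fi
        waf_i=$((waf_i + 1))
    done
    return 1
}

# Executed as "./unbrick.sh go [max_probes]" (hypothetical file name);
# without "go" only the functions are defined, so it can be sourced.
if [ "${1:-}" = "go" ]; then wait_and_flash "${2:-120}"; fi
```

Start it with `go` before powering the router on. A return code of 2 means the router answered but the transfer did not complete, so power-cycle the router and run it again.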

JimAl

GinChiller,
Thank you for the tip about PumpKIN TFTP server. With it I was able to get my router back into service. I had flashed the original Netgear firmware back into it to troubleshoot a problem but the default password was corrupted during the process, the router was running but I couldn't log into it no matter what I tried. I was able to get into the unit through telnet but I wasn't able to fix it that way. I tried many times to get the Netgear tftp and tftp2 to put the firmware but no luck.

I was able to use PumpKIN with a separate cmd window pinging the router and a 30 second reset to finally push the firmware onto the router.

Thanks
Jim
