Recover Dead R6250 via JTAG Only (no ethernet)?

12 posts / 0 new
Last post
gnu_B
gnu_B's picture
Recover Dead R6250 via JTAG Only (no ethernet)?

 

Hello...

I have a R6250 that I do not know the history of..

After testing it out, I see that it will light up, flash several pretty icon lights, and finally sit there blinking it's green POWER ON light.

Suspecting it to be bricked, I followed the de-bricking guide.

  • open router (check)
  • integrated external Jtag serial connector so as to work properly and look nice (check)
  • built USB-to-serial (3.5v) connector observing RX>TX and TX>RX (check)
  • obtained suitable terminal program (Tera Term) (check)
  • established successful connection with R6250 (check)
  • got a response from the router as per the example (check)

 I even got:

Start TFTP server
Reading:: 

 

My problem is that I am still not able to establish an Ethernet connection with the R6250

My IP is fixed at 192.168.1.12 (255.255.255.0)

when I ping 192.168.1.1 I get:

 C:\Users\gnu_B>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

 

When I  looked more closely at the messages from the r6250, I noticed these lines:

Checking crc...Boot program checksum is invalid
Device eth0 has been deactivated.

 

So, it looks like I need to find another way to load new firmware.

I see that Tera Term has  Send File... command.

Should that be my next move???

I think that I'm pretty close to success and I don't want to mangle the R6250.

Please advise,

-gnu_B

gnu_B
gnu_B's picture
Here is the information that

Here is the information that is scrolling at boot-up after doing a 30-30-30 reset:

[code]
Decompressing...done

SHMOO VER 1.13

PKID07DC06011801080000000000001A103F01000000

S300402B3
00002100

RDLYW0 00000004

RDENW0 00000044

RDQSW0

0000000000111111111122222222223333333333444444444455555555556666
0123456789012345678901234567890123456789012345678901234567890123
00 -------++++++++++++++++++++++++++++X++++++++++++++++++++++++++++
01 ---------+++++++++++++++++++++++++++X+++++++++++++++++++++++++++
02 ----++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++
03 ----++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++
04 ----++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++
05 ---------+++++++++++++++++++++++++++X+++++++++++++++++++++++++++
06 ---++++++++++++++++++++++++++++++X++++++++++++++++++++++++++++++
07 ---------+++++++++++++++++++++++++++X+++++++++++++++++++++++++++
08 -------++++++++++++++++++++++++++++X++++++++++++++++++++++++++++
09 -----------++++++++++++++++++++++++++X++++++++++++++++++++++++++
10 --------++++++++++++++++++++++++++++X+++++++++++++++++++++++++++
11 -------------+++++++++++++++++++++++++X+++++++++++++++++++++++++
12 -----+++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++
13 ----------+++++++++++++++++++++++++++X++++++++++++++++++++++++++
14 --------++++++++++++++++++++++++++++X+++++++++++++++++++++++++++
15 ---------+++++++++++++++++++++++++++X+++++++++++++++++++++++++++

PW0

0000000000111111111122222222223333333333444444444455555555556666
0123456789012345678901234567890123456789012345678901234567890123
00 ---++++++++++++++++++++++++++++++X++++++++++++++++++++++++++++++
01 -------++++++++++++++++++++++++++++X++++++++++++++++++++++++++++
02 -+++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++
03 -+++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++
04 ++++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++
05 -----+++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++
06 ++++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++
07 -----+++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++
08 ++++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++
09 -----+++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++
10 ++++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++
11 ------+++++++++++++++++++++++++++++X++++++++++++++++++++++++++++
12 -+++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++
13 -----+++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++
14 --+++++++++++++++++++++++++++++++X++++++++++++++++++++++++++++++
15 ----++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++

NW0

0000000000111111111122222222223333333333444444444455555555556666
0123456789012345678901234567890123456789012345678901234567890123
00 -------++++++++++++++++++++++++++++X++++++++++++++++++++++++++++
01 ---------+++++++++++++++++++++++++++X+++++++++++++++++++++++++++
02 ----++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++
03 ----++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++
04 ----++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++
05 ---------+++++++++++++++++++++++++++X+++++++++++++++++++++++++++
06 ---++++++++++++++++++++++++++++++X++++++++++++++++++++++++++++++
07 ---------+++++++++++++++++++++++++++X+++++++++++++++++++++++++++
08 ------+++++++++++++++++++++++++++++X++++++++++++++++++++++++++++
09 -----------++++++++++++++++++++++++++X++++++++++++++++++++++++++
10 --------++++++++++++++++++++++++++++X+++++++++++++++++++++++++++
11 -------------+++++++++++++++++++++++++X+++++++++++++++++++++++++
12 -----+++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++
13 -----------++++++++++++++++++++++++++X++++++++++++++++++++++++++
14 -------++++++++++++++++++++++++++++X++++++++++++++++++++++++++++
15 ---------+++++++++++++++++++++++++++X+++++++++++++++++++++++++++

WRDQW0

0000000000111111111122222222223333333333444444444455555555556666
0123456789012345678901234567890123456789012345678901234567890123
00 +++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++-
01 +++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++-
02 +++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++-
03 +++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++-
04 +++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++-
05 +++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++-
06 +++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++-
07 +++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++-
08 +++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++-
09 --++++++++++++++++++++++++++++++X++++++++++++++++++++++++++++++-
10 +++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++-
11 --++++++++++++++++++++++++++++++X++++++++++++++++++++++++++++++-
12 +++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++-
13 +++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++-
14 +++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++-
15 +++++++++++++++++++++++++++++++X+++++++++++++++++++++++++++++++-

WRDMW0 00000031
WRDMW0 00000031

ADDR

0000000000111111111122222222223333333333444444444455555555556666
0123456789012345678901234567890123456789012345678901234567890123
00 +++++++++++++++++++++++++++++++X+S++++++++++++++++++++++++++++++

Decompressing...done

CFE for Foxconn Router version: v1.0.14
Build Date: Thu Feb 21 16:35:23 CST 2013
Init Arena
Init Devs.
Boot up from NAND flash...
Boot partition size = 262144(0x40000)
DDR Clock: 533 MHz
Info: DDR frequency set from clkfreq=800,*533*
et0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 6.30.163.2002 (r382208)
CPU type 0x0: 800MHz
Tot mem: 262144 KBytes

Device eth0: hwaddr 28-C6-8E-67-60-98, ipaddr 192.168.1.1, mask 255.255.255.0
gateway not set, nameserver not set
Checking crc...Boot program checksum is invalid
Device eth0 has been deactivated.
Device eth0: hwaddr 28-C6-8E-67-60-98, ipaddr 192.168.1.1, mask 255.255.255.0
gateway not set, nameserver not set
Start TFTP server
Reading ::
[/code]

Best,

-gnu_B

Subhra
Subhra's picture
As per my knowledge is

As per my knowledge is concerned, if you are not being able to get ping responses from ethernet in bootloader prompt then JTAG is only option to recover your board.

gnu_B
gnu_B's picture
That's pretty much what I

That's pretty much what I have decided, too.

So far, I have not been able to locate a forum or thread or tutorial describing how to proceed.

Any help in that direction would be appreciated.

BTW, I have followed the directions available in several tutorials regarding establishing a JTAG connection, and it is working for me. However, some of my local dork friends insist that it is not JTAG, it is serial. I'm confused, but it is working, nonetheless.

Thanks,

-gnu_B

Subhra
Subhra's picture
If you provide links of the

If you provide links of the tutorial you reffered then I can verify whether it is for JTAG connection or Serial connection setup.

gnu_B
gnu_B's picture
Subhra said: If you provide

Subhra said: If you provide links of the tutorial you reffered then I can verify whether it is for JTAG connection or Serial connection setup.

 I have been pouring through many tutorials, and not bookmarking all of them. But here's on that referred to JTAG"

Also HERE IS ONE PHOTO if my R6250 board showing the area where I attached my connection.

And HERE IS A CLOSEUP of the attachment point.

But by JTAG or Serial, I am able to establish a serial dialog with the router.

My real question is how to flash a new firmware using only serial, as I am not able to get a ping from the ethernet port.

Is it actually possible?

If it is possible, how is it done?

-gnu_B

 

cdb8457
cdb8457's picture
Did you ever find out answers

Did you ever find out answers to this? I am going to have to come to this option also.

gnu_B
gnu_B's picture
My router is working, I'm

My router is working, I'm using it now. It works very well.

As I mentioned before, I made a serial connector for the unit.

I took the router to a local technical club, to ask advice from those wiser that myself.

I expected that someone would be able to tell me how to reflash without ethernet.

What ended up happening is that someone with very deep knowledge of routers in general, and linux, was able to use BusyBox, which is a utility that is already in the router, to turn the Ethernet port back on.

Once that was done, it was pretty straight forward.

The whole process took about an hour and a half, he was working like a mad man and I didn't really learn very much about the process.

But I am very grateful to have my router running.

-gnu_B

cdb8457
cdb8457's picture
Well thanks for the reply...

Well thanks for the reply... Only another thing I get to try and read about!! Oh joy

cdb8457
cdb8457's picture
Did you ever find out answers

Did you ever find out answers to this? I am going to have to come to this option also.

gnu_B
gnu_B's picture
My router is working, I'm

My router is working, I'm using it now. It works very well.

As I mentioned before, I made a serial connector for the unit.

I took the router to a local technical club, to ask advice from those wiser that myself.

I expected that someone would be able to tell me how to reflash without ethernet.

What ended up happening is that someone with very deep knowledge of routers in general, and linux, was able to use BusyBox, which is a utility that is already in the router, to turn the Ethernet port back on.

Once that was done, it was pretty straight forward.

The whole process took about an hour and a half, he was working like a mad man and I didn't really learn very much about the process.

But I am very grateful to have my router running.

-gnu_B

cdb8457
cdb8457's picture
Well thanks for the reply...

Well thanks for the reply... Only another thing I get to try and read about!! Oh joy