Removing dd-wrt firmware and restoring to factory condition (R6400v2)

24 posts / 0 new
Last post
nsarzyns
nsarzyns's picture
Removing dd-wrt firmware and restoring to factory condition (R6400v2)

Hey everyone, I'm having a massive amount of trouble reverting back to the OEM firmware. Oringally, when I installed a custom firmware it worked but I had to go back since I th 5Ghz band kept dropping out. When I tired to go back the router was bricked, soft bricked since I could ping it but nothing but an orange flashing power light. A 30/30/30 reset did nothing, Netgears tftp app did nothing, not even sending the oem firmware over tftp on the command line did anything. I eventually found out that there was serial header on the board so I hooked up to that and got Putty up and could see that it was at least alive.

Letting it boot, I saw that it eventually made it's way to tftp. I rebooted it, ctrl+c and manually entered tftpd, and sent the file. It did nothing, expect  spit out Board and Image ID's. I tried everything I could find online, erasing the nvram, using flash -noheader : flash1.trx and flash -noheader : nflash1.trx with sending the firmware file to it and then sending it go. Nothing everytime. I eventually tried to reflash the dd wrt firmware I had and it worked!! I can no access the router through the typical 192.168.1.1 address.

BUT, I cannot get the OEM firmware to flash still. Doing it through the UI, I upload it, it says flash successful, or something like that, reboots and is still the custom firmware. Any ideas what I should try?

TXUSA
TXUSA's picture
I ranted about this one the

I ranted about this one the forum before (so please no complaints)... the firmware that Netgear posted on their own website is absolutely useless. It can't be flashed because one byte in the code is wrong... which happens to identify to the router that this firmware is for this particular router. I complained... up to this day is hasn't been fixed. I know how to fix it but... I am not sure if that is legal. LOL

nsarzyns
nsarzyns's picture
Do you know the byte that's

Do you know the byte that's incorrect? I have no issue using a hex editor to change it.

I'm almost thinking about sending it back to Netgear under RMA since it's still under warrenty. These's no void if remove sticker so how could they know? Just destory the nvram and flash and tell them to fix it. I've never had an issue with the r7000 which is at my parents house, but this I am

TXUSA
TXUSA's picture
I did use a hex editor to fix

I did use a hex editor to fix it... but I haven't tried it out yet... I have that router but not have the need to use the file (more about being prepared if the moment comes). I will see if I can post a screenshot that shows it...

TXUSA
TXUSA's picture
Ok so it doesn't look like I

Ok so it doesn't look like I can just embed a picture in here. Not a big deal... I'm going to copy and paste... I used HdX as my editor.

This is the 4th line from the top when the Netgear firmware file is opened... the original looks like this:

00000030 30 30 5F 4E 45 54 47 45 41 52 48 44 52 30 00 E0      00_NETGEARHDR0.à

now what you want to do is... change the first byte, which is 30 into 32... which will change the first number on the text side from a 0 to a 2 as shown below...

00000030 32 30 5F 4E 45 54 47 45 41 52 48 44 52 30 00 E0      20_NETGEARHDR0.à

Changes are in bold to make it clearer... at this point, save the file without touching anything else... this changes the board ID to the correct name.

If you do this... please post here if it worked... I am curious. Wish I had a better answer but this might be your best shot at fixing this.

 

TXUSA
TXUSA's picture
HxD is what I used to edit...

HxD is what I used to edit... my apologies. Damn fingers......

TXUSA
TXUSA's picture
Side note... if you use Putty

Side note... if you use Putty (and/or a generic tftp application), always download the 32 bit version, even if you have 64 bit Windows. Otherwise it might not work right. I had that problem once and it almost drove me nuts until I realized that the 64 bit version is very touchy.

nsarzyns
nsarzyns's picture
Will do! I will try this

Will do! I will try this after work today and post my results. I ended up getting a new router from a really good deal but I'm determined to fix this as I'd be nice to have a backup or something like that.

arnoboun
arnoboun's picture
A few months ago, I went

A few months ago, I went through the same ordeal as you. Definitely frustrating and time-consuming. Since the unit was still under warranty, I ended up contacting Netgear tech support. Said that the router wasn't booting properly. They gave me basic troubleshooting steps. Afterwards, they asked what color was the power LED. Told them solid amber. They gave me an RMA and I was able to received a replacement unit.

nsarzyns
nsarzyns's picture
I tired it and nothing. It

I tired it and nothing. It still boots with the dd wrt firmware

nsarzyns
nsarzyns's picture
Did they cover shipping both

Did they cover shipping both ways?

arnoboun
arnoboun's picture
My router also booted into

My router also booted into the DD-WRT firmware before I sent it out to Netgear. They didn't really ask me about what was done to the router. At least in my experience, they were more concerned about the LEDs and if I was able to access the Netgear router setup page successfully. I had to pay to ship the router to Netgear but that was the only cost. 

nsarzyns
nsarzyns's picture
Okay cool, thank you! I'll

Okay cool, thank you! I'll call them tomorrow. I'm actually buying my third router now and returning the Linksys I bought since it has trouble with me defining my own DNS. I'm giving Amplifi a try.

nsarzyns
nsarzyns's picture
Also @TXUSA, thank you for

Also @TXUSA, thank you for your advice, I appreciate it. 

TXUSA
TXUSA's picture
Well... I am going to

Well... I am going to possibly try to flash the (altered) factory firmware to test it... I switched back to my Linksys 1900 router, I seem to get more reliability out of it. 

nsarzyns
nsarzyns's picture
Let me know if you have any

Let me know if you have any luck with it. I had a linksys 1750 which had issues with me choosing my own dns. The netgear was okay with it but the Linksys wasn't. I really liked their UI though.

TXUSA
TXUSA's picture
I have a Linksys 1900AC and I

I have a Linksys 1900AC and I originally had DD-WRT on it... it was "just alright". Little did I know that OPENWRT works fantastic with the Marvel chipset... DD-WRT isn't even supporting my Linksys anymore... DD-WRT had issues with the drivers I suppose, not sure why OPENWRT includes the latest drivers. Guessing the code is set up in a different way. Once I had it set up and set up a separate guest network I swapped it out and I am very happy with the signal strength and reliability. The GUI is definitely different, mostly based on drop downs... but I hear there are a ton of customizing/command options if you know what you're doing (I mostly just want the router and the guest network... no custom setup). I'll find a use for the Netgear though, even if it just being a fancy wireless bridge.

renatus
renatus's picture
Hi, I had the same issue

Hi, I had the same issue (stuck with kong firmware on r6400v2) and I solved it flashing the Brainslayer build.

Check the following:

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=312828&postdays=0&postor...

https://wiki.dd-wrt.com/wiki/index.php/Supported_Devices#Netgear

ftp://ftp.dd-wrt.com/betas/2018/06-16-2018-r36154/netgear-r6400v2/

I used the netgear-r6400v2-webflash.bin file and it worked for me

cheers

ashansol
ashansol's picture
I know this is old, but this

I know this is old, but this thread helped me solve my problem. I had to improvise, so I hope it may help someone in the future! Just FYI, I started with DD-WRT image from the supported database. Big fail - use Kong's (or maybe Brainslayers as it seemed to work for renatus). The database version has some very problematic results. Mine failed to respond to either WAN or LAN address when they were on different subnets. Trying to flash back to factory was also an epic fail. I used a serial connection to see what was going on - it's a SEGV fault using the web interface.

As the OP said, attempts to use the Netgear FW via tftpd failed, just spewing the Board ID and Image ID. This is not the actual point of failure. When it spits this info out, it's because there is a discrepancy between what the flash software is expecting and what it's receiving. The failure is on the part of the DD-WRT image. That image overwrites the Board ID to T30 - I have no idea why but it does. If, like me, your Board ID is T20, it will STILL fail. This is because the firmware is written BY Netgear for use ON Netgear - so the Image ID is -ALWAYS- T00.... which will ALWAYS fail! (Netgear firmware autodetects the correct Board ID so Image ID is irrelevant).

As TXUSA pointed out - the failure is in a single byte of the firmware file. It always reads T00 regardless of Board ID, because Netgear's software scans and correctly identifies the actual board. A flashed DD-WRT mistakenly sets the Board ID to T30 (In my case), and mistaken or not, it's failed identity. I used TXUSA's method of modifying the firmware .chk file so that the Image ID matched the Board ID. After that, I got a "programming..." prompt from my serial session.

Bottom line - compare the TXX Image ID and Board ID and edit the .chk file per TXUSA's instructions so they match. It's not necessarily T20 or T30.

My R6400v2 is back to stock firmware thanks to this post. So yeah, thanks to OP and TXUSA! Hope this can help someone else trying to restore stock firmware!

 

For the record, now that it's back to stock, I'm going to flash Kong's version :)

 

Best regards,

Ash

deltazero
deltazero's picture
Now that there is a proper

Now that there is a proper Kong build which identifies the router correctly, would returning to stock firmware using the netgear firmware work as normal? Or is it still messed up?

TXUSA
TXUSA's picture
The Kong build is still in

The Kong build is still in the testing phase but should be "official" soon. The fix for the board ID only really matters if your router is bricked and you can't flash the netgear firmware through the DD-WRT web interface. If you need to telnet/use a serial connection... yes you need to change the ID accordingly because there is some kind of a hardware check in the chipset itself and if it doesn't find the correct ID it will reject it. Let's say you have the new Kong firmware installed that correctly identifies the router model as 6400v2 then you should be able to just flash the netgear firmware through your browser interface. I haven't tested that yet so I can't confirm it but that's the theory...

egc
egc's picture
On the latest Kong Firmware

On the latest Kong Firmware for the R6400v2 (36840) you can use the Netgear stock firmware to flash back from the GUI. (My advice use the V1.0.2.52 firmware version)

On earlier Kong firmware (36820) you still have to use a modified stock firmware file.

When using TFTP or serial you have to use a modified stock firmware file because the CFE checks boardid.

Check the R6400v2/R6700v3 install the guide:

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399&sid=4892d9991135c...

kenhull
kenhull's picture
try using the Initial

try using the Initial firmware (the oldest) file from the Netgear support site.  Was the only thing that reverted me back to stock from the KONG-ddwrt.

agrash
agrash's picture
For a very long time I tried

For a very long time I tried to restore my native firmware on the Netgear r6400v router (from DD-WRT).

In the end I managed to do this with the help of firmware R6400v2-V1.0.2.52_U12H332T20_NETGEAR and hard reset (30-30-30).
Process of flashing was very long (I suppose, more then 10-15 minutes).

Do not attempt to start a new operation with a router (flashing, restart router, etc.) if you see a flashing or a burning red power button.