WNR3500L JTAG connection

3 posts / 0 new
Last post
lukma
lukma's picture
WNR3500L JTAG connection

Hi all,

I've bricked my WNR3500L router. I've connected the serial console to it, and I was trying to solve the problem described here:

http://www.myopenrouter.com/forum/thread/22764/Wrong-checksume-when-load...

Unfortunately I've erased the boot flash partition (from 0x00000000 to 0x00040000), so now I haven't got even the serial console and the orange and blue LEDs are poorly lit.

I'm going to use the JTAG to reflash CFE again.

Questions:

1. Where can I find the CFE sources or image for WNR3500L? The CFE which I had on my router (before I erased it accidentally) was lacking many features (e.g. help,printenv was not available). I've looked to the broadcom website for CFE, however I suppose that CFE for WNR3500L has to be patched in some way.

2. For the WNR3500L PCB board, there is a slot adjacent to the serial console. It has 12 pins. Following link:http://www.myopenrouter.com/article/10951/How-To-Use-A-JTAG-Cable-To-Rec...

and

http://www.myopenrouter.com/article/10935/Creating-a-JTAG-Cable-For-WGR6...

 present it as a JTAG cable connector for WGR614L. I assume that the same pinout is used for WNR3500L for JTAG connection. Is this correct? I've measured the voltage levels on those pins and they are 3.3V.

3. What kind of JTAG dongle is used to get access to BCM47xx SoC? I have Olimex ARM-USB-OCD, which is a simple FTDI based serial to JTAG converter. I plan to use OpenOCD with it. What JTAGs are used by myopenrouter.com developers to talk with SoC?

4. The WGR616L is using the tjtagv3 utility to reprogram CFE.

http://www.myopenrouter.com/forum/thread/12981/Need-a-copy-of-tjtagv3/

What other tools should be used to reflash the CFE binary in context of no parallel port based JTAG?

Can anyone share the knowledge how the CFE partition can be restored?

Thanks for help,

Lukasz

 

Kong
Kong's picture
http://www.dd-wrt.com/wiki
majess
majess's picture
Hi.

Hi.

I'm now able to use tjtag. I've access to the JTAG with WNR3500L.

Unfortunately it looks that since I've performed the -erase:wholeflash, I've erased cfe partition and caldata (which defines - among other things - what is the flash memory endianess - byteswap option).

Does anybody knows how to restore this setting? I'm now forced to perform manual bytesweap before putting correct CFE.BIN image to router to force it to boot.

The chip endianess setting may be the reason for no flashing the factory default image after downloading it with tftpd (CFE> Read ::)

One option would be to flash the whore flash memory with WHOLEFLASH.BIN image.
Does anybody has the whole flash image backed up for WNR3500L?
Second inconvenience is the time needed for flashing the whole memory chip.

If anybody knows better solution for restoring WNR3500L factory flash image, please share the knowledge.

Regards,
Lukasz