TJTAG - EJTAG De-Brick tool - IMPORTANT CHANGE:See 1st Post.

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> General Questions
Goto page Previous  1, 2, 3 ... 24, 25, 26 ... 82, 83, 84  Next
Author Message
Tornado
DD-WRT Developer/Maintainer


Joined: 07 Jun 2006
Posts: 2087
Location: Odessa, Ukraine

PostPosted: Sun Aug 24, 2008 6:03    Post subject: Reply with quote
I have a G v4, that is supposed to be the same amkeup as the TM's, I never have used /noreset when eraseing, only /noemw..if it works for you great, but maybe try without it, I also only use /noreset when flashing a Gv8, GSv7's...not with the Gv4 models.. try not using it.

also, on the troublesome routers you might want to try using /nodma once whne flashing, let it die or kill it after it gets past your sticking point, and then re-issue the flash. Let me know ?
Note: /bypass is only for flashchips that support it, the only way to know if it does is to look at the datasheet for the flash...

_________________
Want JTAG support - Donate a router
or Donate with PayPal !

My preferred parallel jtag adapter:
TIAO Parallel adapter

Tjtag website - http://tjtag.com

Compiling DD-WRT on:
AMD Phenom II X6 1090T @ 3926.667 Mhz

Aptosid X64 - Debian SID X64
Ubuntu 10.10 X64 - Arch X64
Sponsor
spide21
DD-WRT Novice


Joined: 02 Sep 2008
Posts: 8

PostPosted: Tue Sep 02, 2008 17:47    Post subject: Reply with quote
Hello to all:

I was trying to update the dd-wrt to version 24 sp1 and suddenly after I power cycle my router it got bricked, the power is blinking constantly.

I tried to erase wholeflash, following @Evandro steps but i was wondering where to get a good cfe.bin or a bsp.bin so I can load it on to the flash memory.

I backed up cpe.bin, bsp.bin, kernel.bin and wholeflash.bin just in case.

I've read on this forum that cfe.bin is a boot loader vx... and bsp.bin is Linksys, correct me if I am wrong, so which one should I use?

My router specs are:

- WRT54GS V7
- Broadcom BCM5354 KFBG Rev 2
- AMD 29lv160DT 1Mx16 TopB

@Tornado:

Is it possible for you to send me either bsp.bin or cfe.bin?, thxs in advanced.

Also, thx to this forum, it has really helped me out Razz
Tornado
DD-WRT Developer/Maintainer


Joined: 07 Jun 2006
Posts: 2087
Location: Odessa, Ukraine

PostPosted: Wed Sep 03, 2008 3:51    Post subject: Reply with quote
@spide21
Send me your wholeflash... tornado@odessaua.com

I will send ytou back your original BSP.BIN and a CFE

RE: CFE is a broadcom bootloader, BSP is a VxWorks booloader

_________________
Want JTAG support - Donate a router
or Donate with PayPal !

My preferred parallel jtag adapter:
TIAO Parallel adapter

Tjtag website - http://tjtag.com

Compiling DD-WRT on:
AMD Phenom II X6 1090T @ 3926.667 Mhz

Aptosid X64 - Debian SID X64
Ubuntu 10.10 X64 - Arch X64


Last edited by Tornado on Wed Sep 03, 2008 5:46; edited 1 time in total
spide21
DD-WRT Novice


Joined: 02 Sep 2008
Posts: 8

PostPosted: Wed Sep 03, 2008 5:22    Post subject: Reply with quote
@Tornado:

File have been sent.
spide21
DD-WRT Novice


Joined: 02 Sep 2008
Posts: 8

PostPosted: Wed Sep 03, 2008 18:34    Post subject: Reply with quote
@Tornado:

Thanks for the bsp.bin and cfe.bin files, but the cfe size is 196K, but on the copy I have is 256. I think my backups are bad.

I did apply the bsp.bin and nothing happened, then I applied cfe.bin and all the led on the GSv7 remains off, but when I plugged the network cable on port 1 and I was able to ping it and also I was able to transfer dd-wrt.v24_micro_generic.bin, but nothing happened, the power led all the time remains off.

Should I apply dd-wrt.v24_micro_generic.bin or WRT54GSv7_7.50.5_fw_US_code.bin?.

In case the cfe.bin (the one you sent me with 196K) be wrong, How can I do to have a 256K cfe.bin file?

-->When I erased the wholeflash i did:

tjtagv2 -erase:wholeflash /noreset

-->To flash the bsp.bin I did:

tjtagv2 -flash:bsp /noreset /bypass

I wrote /bypass because when flashing only with "tjtagv2 -flash:bsp /noreset" it went very slow, Did i do wrong?

-->To flash the cfe.bin I did:

tjtagv2 -flash:cfe /noreset /bypass

Again I wrote /bypass because without it the flashing process went very slow.

need help Confused
Tornado
DD-WRT Developer/Maintainer


Joined: 07 Jun 2006
Posts: 2087
Location: Odessa, Ukraine

PostPosted: Wed Sep 03, 2008 19:10    Post subject: Reply with quote
spide21 wrote:
@Tornado:

Thanks for the bsp.bin and cfe.bin files, but the cfe size is 196K, but on the copy I have is 256. I think my backups are bad.

tornado:
The CFE is a pure CFE, it is not padded, once you flash it tjtag will pad it to 256k

I did apply the bsp.bin and nothing happened, then I applied cfe.bin and all the led on the GSv7 remains off, but when I plugged the network cable on port 1 and I was able to ping it and also I was able to transfer

tornado:
after flashing the BSP you need to goto http://192.168.1.1 and enter the linksys firmware only
CFE = DD-WRT
BSP = Linksys firmware

dd-wrt.v24_micro_generic.bin, but nothing happened, the power led all the time remains off.

tornado:
after tftping the dd-wrt firmware, you need to wait, say two min...it takes time to write it to flash !

Should I apply dd-wrt.v24_micro_generic.bin or WRT54GSv7_7.50.5_fw_US_code.bin?.

tornado:
Depends on CFE or BSP, se above


In case the cfe.bin (the one you sent me with 196K) be wrong, How can I do to have a 256K cfe.bin file?

tornado:
Because when you back up, it is automatically padded to 256k

-->When I erased the wholeflash i did:

tjtagv2 -erase:wholeflash /noreset

tornado:
I use only /noemw to erase...unless the flash supports /bypass, what flash chip is it ?

-->To flash the bsp.bin I did:

tjtagv2 -flash:bsp /noreset /bypass

tornado:
This is correct if the flash chip supports bypass

I wrote /bypass because when flashing only with "tjtagv2 -flash:bsp /noreset" it went very slow, Did i do wrong?

-->To flash the cfe.bin I did:

tjtagv2 -flash:cfe /noreset /bypass

Again I wrote /bypass because without it the flashing process went very slow.

need help Confused

_________________
Want JTAG support - Donate a router
or Donate with PayPal !

My preferred parallel jtag adapter:
TIAO Parallel adapter

Tjtag website - http://tjtag.com

Compiling DD-WRT on:
AMD Phenom II X6 1090T @ 3926.667 Mhz

Aptosid X64 - Debian SID X64
Ubuntu 10.10 X64 - Arch X64
spide21
DD-WRT Novice


Joined: 02 Sep 2008
Posts: 8

PostPosted: Wed Sep 03, 2008 22:53    Post subject: Reply with quote
@Tornado:

- Thanks for explanation, now I understand why the cfe.bin was 196K.

Quote:

Tornado:
after flashing the BSP you need to goto http://192.168.1.1 and enter the linksys firmware only
CFE = DD-WRT
BSP = Linksys firmware


--> When I flashed the bsp.bin it did not let me do ping nor accessing the web application, that's why I also flashed the CFE.bin, as soon as I flashed the cfe.bin the router started reponding to pings, but the http://192.168.1.1 service was not avaliable Crying or Very sad , eventhough the port 80 was opened, I checked it by doing a "telnet 192.168.1.1 80".

Now the question is, Which .bin should I use, because if I only flash bsp.bin, the router's lan and wan port remain lit (the power led remain off) and if I flash the cfe.bin (being bsp.bin already flashed) the power led remains all the time off (The Lan/Wan ports seems to be working because the only one active and lit, is the one conected to my pc)?.

It would be wonderful if I only flash the cfe.bin and the router allows me to do ping and get access to the web application, so I can load the DD-WRT V24, because the DD-WRT V24 Sp1 was consuming a lot of my router's memory.

Man, thanks for your help, I appreciate it. Cool
emersonvier
DD-WRT Novice


Joined: 16 Jun 2008
Posts: 35
Location: Sao Paulo, Brazil

PostPosted: Thu Sep 04, 2008 1:11    Post subject: Reply with quote
I try rebrick my WRT350n V1.0 and show below:

C:\tj\windows>tjtagv2 -erase:wholeflash /noemw

==========================================
EJTAG Debrick Utility v2.1.4-Tornado-MOD
==========================================

Probing bus ... Done

Instruction Length set to 8

CPU Chip ID: 00000100011110000101000101111111 (0478517F)
*** Found a Broadcom BCM4785 Rev 1 CPU chip ***

- EJTAG IMPCODE ....... : 00000000010000010000100100000100 (00410904)
- EJTAG Version ....... : 1 or 2.0
- EJTAG DMA Support ... : Yes
- EJTAG Implementation flags: R4k ASID_8 MIPS16 MIPS32

Issuing Processor / Peripheral Reset ... Done
Enabling Memory Writes ... Skipped
Halting Processor ... <Processor Entered Debug Mode!> ... Done
Clearing Watchdog ... Done
Probing Flash at (Flash Window: 0x1fc00000) ... Done

*** Unknown or NO Flash Chip Detected ***

*** REQUESTED OPERATION IS COMPLETE ***


C:\tj\windows>tjtagv2 -flash:cfe /noemw

==========================================
EJTAG Debrick Utility v2.1.4-Tornado-MOD
==========================================

Probing bus ... Done

Instruction Length set to 8

CPU Chip ID: 00000100011110000101000101111111 (0478517F)
*** Found a Broadcom BCM4785 Rev 1 CPU chip ***

- EJTAG IMPCODE ....... : 11111111000000010000100100000100 (FF010904)
- EJTAG Version ....... : Unknown (7 is a reserved value)
- EJTAG DMA Support ... : Yes
- EJTAG Implementation flags: R3k DINTsup MIPS16 MIPS32

Issuing Processor / Peripheral Reset ... Done
Enabling Memory Writes ... Skipped
Halting Processor ... <Processor did NOT enter Debug Mode!> ... Done
Clearing Watchdog ... Done
Probing Flash at (Flash Window: 0x1fc00000) ... Done

*** Unknown or NO Flash Chip Detected ***

*** REQUESTED OPERATION IS COMPLETE ***


C:\tj\windows>tjtagv2 -probeonly /noemw

==========================================
EJTAG Debrick Utility v2.1.4-Tornado-MOD
==========================================

Probing bus ... Done

Instruction Length set to 8

CPU Chip ID: 00000100011110000101000101111111 (0478517F)
*** Found a Broadcom BCM4785 Rev 1 CPU chip ***

- EJTAG IMPCODE ....... : 00000000100000010000100100000100 (00810904)
- EJTAG Version ....... : 1 or 2.0
- EJTAG DMA Support ... : Yes
- EJTAG Implementation flags: R4k MIPS16 MIPS32

Issuing Processor / Peripheral Reset ... Done
Enabling Memory Writes ... Skipped
Halting Processor ... <Processor did NOT enter Debug Mode!> ... Done
Clearing Watchdog ... Done
Probing Flash at (Flash Window: 0x1fc00000) ... Done

*** Unknown or NO Flash Chip Detected ***

*** REQUESTED OPERATION IS COMPLETE ***

Cn I help me?

EMERSON VIER
spide21
DD-WRT Novice


Joined: 02 Sep 2008
Posts: 8

PostPosted: Thu Sep 04, 2008 1:19    Post subject: Reply with quote
@emersonvier:

The same thing happened to me also, and what I did is to unplug the power cord from the router and then plug it in again and as soon it get powered on "hit enter", so it means that you need to have the command already written .
Tornado
DD-WRT Developer/Maintainer


Joined: 07 Jun 2006
Posts: 2087
Location: Odessa, Ukraine

PostPosted: Thu Sep 04, 2008 3:17    Post subject: Reply with quote
@spide21

After flashing the CFE, you have to tftp the DD-WRT firmware ONLY !!! If you use the CFE, you can only put DD-WRT firmware on it, no web interface will be available yet. You must also reboot after flashing the CFE, then tftp the DD-WRT firmware.

After tftping the DD-WRT firmware, wait 2 min. before you do anything, then try and goto the web interface, and or reboot..

If you erase the kernel or wholeflash before flashiing the CFE, you do not have to enter or issue you tftp command quickly, it will wait forever for tftp.

_________________
Want JTAG support - Donate a router
or Donate with PayPal !

My preferred parallel jtag adapter:
TIAO Parallel adapter

Tjtag website - http://tjtag.com

Compiling DD-WRT on:
AMD Phenom II X6 1090T @ 3926.667 Mhz

Aptosid X64 - Debian SID X64
Ubuntu 10.10 X64 - Arch X64
Tornado
DD-WRT Developer/Maintainer


Joined: 07 Jun 2006
Posts: 2087
Location: Odessa, Ukraine

PostPosted: Thu Sep 04, 2008 3:21    Post subject: Reply with quote
@emersonvier

What flash chip does it have in it ?

_________________
Want JTAG support - Donate a router
or Donate with PayPal !

My preferred parallel jtag adapter:
TIAO Parallel adapter

Tjtag website - http://tjtag.com

Compiling DD-WRT on:
AMD Phenom II X6 1090T @ 3926.667 Mhz

Aptosid X64 - Debian SID X64
Ubuntu 10.10 X64 - Arch X64
zaklee
DD-WRT Novice


Joined: 04 Sep 2008
Posts: 19

PostPosted: Thu Sep 04, 2008 3:30    Post subject: newbie needs help Reply with quote
Seems I got a little cocky and now have a problem. I think I've bricked my WAP54G and now I don't know what to do. I'm fine with web GUI interfaces but have no idea what to do with telnet or tftp. I'm generally good at following instructions but can't find any that explain (in explicit terms) how to fix this problem from my Mac running OS-X 10.5.4 (Network Utility and Terminal available - don't know what I'm doing with Terminal).

Anyone care to share?

BTW, I think I bricked it by trying to flash v24 Micro from Firefox. I didn't find the warning against Firefox until looking for a solution to the problem I created. Resets don't work but I can ping it all day. No activity light ever. Link and Power are on. No web interface available.
zaklee
DD-WRT Novice


Joined: 04 Sep 2008
Posts: 19

PostPosted: Thu Sep 04, 2008 4:01    Post subject: stupid simple Reply with quote
The answer was stupid simple. I downloaded MacTFTP Client and used it to flash the Linksys firmware back on to the unit. It was very easy and everything is back to original. Now I just need to figure out how to get the dd-wrt firmware loaded...
spide21
DD-WRT Novice


Joined: 02 Sep 2008
Posts: 8

PostPosted: Thu Sep 04, 2008 13:25    Post subject: Reply with quote
Quote:
-->When I erased the wholeflash i did:

tjtagv2 -erase:wholeflash /noreset

tornado:
I use only /noemw to erase...unless the flash supports /bypass, what flash chip is it ?

My flash ship is : AMD 29lv160DT 1Mx16 TopB
spide21
DD-WRT Novice


Joined: 02 Sep 2008
Posts: 8

PostPosted: Thu Sep 04, 2008 18:01    Post subject: Reply with quote
Ok after reading Tornados' instructions this is what i did:

Before I started the router lan and wan leds where lit and the power led was off, I couldn't ping the router and also I could not ftfp it.

1- The first thing I did was:

tjtagv2 -erase:wholeflash /noreset

==========================================
EJTAG Debrick Utility v2.1.4-Tornado-MOD
==========================================

Probing bus ... Done

Instruction Length set to 8

CPU Chip ID: 00100101001101010100000101111111 (2535417F)
*** Found a Broadcom BCM5354 KFBG Rev 2 CPU chip ***

- EJTAG IMPCODE ....... : 00000000100000010000100100000100 (00810904)
- EJTAG Version ....... : 1 or 2.0
- EJTAG DMA Support ... : Yes
- EJTAG Implementation flags: R4k MIPS16 MIPS32

Issuing Processor / Peripheral Reset ... Skipped
Enabling Memory Writes ... Done
Halting Processor ... <Processor Entered Debug Mode!> ... Done
Clearing Watchdog ... Done
Probing Flash at (Flash Window: 0x1fc00000) ... Done

Flash Vendor ID: 00000000000000000000000000000001 (00000001)
Flash Device ID: 00000000000000000010001011000100 (000022C4)
*** Found a AMD 29lv160DT 1Mx16 TopB (2MB) Flash Chip ***

- Flash Chip Window Start .... : 1fc00000
- Flash Chip Window Length ... : 00200000
- Selected Area Start ........ : 1fc00000
- Selected Area Length ....... : 00200000

*** You Selected to Erase the WHOLEFLASH.BIN ***

=========================
Erasing Routine Started
=========================
Total Blocks to Erase: 35

Erasing block: 1 (addr = 1fc00000)...Done
Erasing block: 8 (addr = 1fc70000)...Done
...
Erasing block: 33 (addr = 1fdf8000)...Done
Erasing block: 34 (addr = 1fdfa000)...Done
Erasing block: 35 (addr = 1fdfc000)...Done
=========================
Erasing Routine Complete
=========================
elapsed time: 15 seconds

*** REQUESTED OPERATION IS COMPLETE ***

2- Then, I applied the cfe.bin sent by Tornado:

tjtagv2 -flash:cfe /noreset /bypass

but googling I found a tool to read what's inside the cfe and there is not vxworks.bin file in it, this is what i read:

wrt_vx_imgtool -v cfe.bin

WRT54G/GS v5-v6 firmware image builder, extractor, fixer, and viewer
v0.94 beta - Jul 26 2006 by Jeremy Collake (jeremy@bitsum.com)
-----------------------------------------------------------------------------
+ Found parameter, view firmware
+ Infile parameter cfe.bin

Extracting firmware cfe.bin
Firmare file size is 200624 bytes

Code pattern: ↨
Build date: 00-00-00
Vendor name:
Device name:
Checksum: 0x00000000 (given)
Checksum: 0x7BB3ED37 (calculated)
Checksum INCORRECT

+ Trailing files:

+ Primary files:
-
File descriptor 0
Type Id: 0
Name:
Size: 0
-
File descriptor 1
Type Id: 0
Name:
Size: 0
-
File descriptor 2
Type Id: 0
Name:
Size: 0
-
File descriptor 3
Type Id: 0
Name:
Size: 0
-
File descriptor 4
Type Id: 0
Name:
Size: 0
-
File descriptor 5
Type Id: 0
Name:
Size: 0
-
File descriptor 6
Type Id: 0
Name:
Size: 0
-
File descriptor 7
Type Id: 0
Name:
Size: 0

Done!

OK, cfe.bin was flashed then waited for 2 minutes and power cycle. After power cycle the Lan and Wan leds where lit and power led was off. I could not ping nor tfpt the dd-wrt.v24_micro_generic.bin file to the router.

--------------
For the bsp.bin file this is what i read:

bsptool /v tornado_bsp.bin

bsptool v0.4 - (c)2006 Jeremy Collake - http://www.bitsum.com

Viewing BOOTP block ...

BOOTP block
codep : 0x57475635
checksum : 0xd252 (calculated: 0xfb2d)
bootcode ver : 0x1000205
model : WRT54GS
vendor : LINKSYS_en
country : US
serial # : CGNC1G530298
hardware ver : 1.0
pciid : 0x49d6
config : 0x2b
mac1 : 00-1c-10-08-b7-a1
mac2 : 00-1c-10-08-b7-a2
boot string : tffs:(0,0)host:/fl/vxWorks.bin h=192.168.1.100 e=192.168.1.1:fff
fff00 u=target tn=targetname f=0x8
View done

Question:

Is the file bsp.bin correct?
-------------------------------------
help Sad
Goto page Previous  1, 2, 3 ... 24, 25, 26 ... 82, 83, 84  Next Display posts from previous:    Page 25 of 84
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum