TMCnet News
You tried the upgrade of open source firmware and all you got was a lifeless router. Here's how you can fix it. Maybe.(www.wi-fiplanet.com Via Thomson Dialog NewsEdge) One of the more exciting developments for networking enthusiasts has been the evolution of open-source firmware replacements for certain popular, inexpensive routers (usually the famed Linux-running Linksys WRT54G ). While replacement firmware offers the promise of significantly expanded features, greater customization, and mondo-tweakability, they also carry some risk. Should misfortune strike, you might oh, let s say, render your router into a useless hunk of plastic. Or, as victims prefer to say, you could brick it. How does a router become a brick? And if it does, is there any hope of bringing it back to life? The short answers: "by accident" and "yes...sometimes." How a Router Becomes a Brick Bricks are very good at holding up the walls of your house. Bricks are not very good at routing network traffic. You don t want your router to suddenly become one (likewise, you don t want the bricks in your walls to suddenly become routers although that would be pretty cool, no?). But sometimes it happens. Often, you can avoid this fate by understanding how a router can become a brick. There is an alchemy to turning a router to brick. The most common formula is the bad flash. When you upgrade the firmware in your router, you re basically swapping in a new brain in place of the old. This brain controls most of its cognitive functions. The upgrade process, described in The Open Source WRT54G Story , can require up to two minutes. If Something Bad happens during this process loss of power to the router, loss of network connectivity to the uploading PC you may have just bricked. When upgrading your firmware, try to prevent Something Bad from happening: Be sure the power source is secure. Only upgrade through a wired Ethernet connection, do not use a wireless connection. Be sure to manually configure the IP address on your uploading PC do not rely on automatic DHCP address assignment. Be sure to disable any software firewall running on your uploading PC, including the Windows firewall. RAM, Corrupted Your router has a small amount of on-board NVRAM , or non-volatile memory. Sometimes your flash upgrade will be successful, but your NVRAM will become corrupted. Often this happens when the firmware you uploaded to the router wasn t exactly the right version for your model. Be sure to read the upgrade instructions for your chosen firmware very, very, very carefully. For example, consider DD-WRT , one of the most popular open source firmware replacements for Linksys WRT series routers. DD-WRT is available in many flavors. There is a minimal build with only a base feature set. There is a generic build which lacks optimizations, and some model-specific builds, among other variants. When upgrading the router from the Linksys-branded firmware, you are supposed to step up by first installing the minimal DD-WRT build, and upgrading from there to a more feature-rich build. However, when upgrading your router through DD-WRT s Web interface, you're direct to use the generic build. Trip up on one of these finer points, and your upgrade may appear successful at first. But then, you configure the router, it reboots, and hello, brickville, city of bricks. Most likely, your successful flash upgrade produced corrupted NVRAM. You will always find message boards threads by those who have disobeyed the upgrade instructions without dire consequences. These people can also eat pizza for three meals daily and never gain weight, and smoke a pack a day until they re 98-years-old. In fact, they often smoke and eat pizza while upgrading their routers . But the rest of us we're not like them. Just follow the instructions, carefully. It s Dead, Jim! Despite best or not-so-best efforts, accidents happen. Maybe your flash upgrade failed or your router s memory became corrupted. You may have made a mistake somewhere in the process. It could have been buggy firmware itself. After all, these open source replacements come with no guarantees. The time for blame has passed. You ll know your router has been bricked because, well, it no longer works. More specifically, you will probably see the power light blinking steadily. You may see most of its other lights lit solid. If your router has a DMZ light, note whether it is lit at power on or whether it lights a few seconds later, or never at all. This information could be useful soon. Sometimes you can breathe new life into your bricked router. It is difficult to say exactly how often bricked routers are successfully revived, but often enough that a number of resurrection techniques have emerged. There is no guarantee that any of these will work. The methods devised by the networking community basically fall into two categories: gentle and desperate. The more popular gentle recovery techniques involve establishing basic network communications with your router through software, followed by reflashing back to known, good firmware. The desperate recovery techniques involve opening your router and attempting to physically reset its circuitry. Gentle Recoveries If you could simply reflash your seemingly dead router with an official Linksys firmware, you could, like Cher, turn back time. Not surprisingly, this is Linksys approved recovery method for Windows users, and the only one that won t void your warranty if it works. To test if your router is only a little bit dead, you need to see if it responds to pings. First, reset your router to its factory default settings. Do this by powering it on and depressing the reset button for at least 30 seconds. You need the tip of a pen or, better yet, the pointy end of a pen cap to keep the recessed button depressed. The router s lights will cycle off and back on after it reboots itself. Using a computer with a wired Ethernet connection to one of the router s LAN ports, open a command prompt in Windows (go to the Run command in the Windows Start menu, type "cmd" and then hit Enter). Use the ping command to see if the router responds at its factory default IP address, 192.168.1.1. >ping 192.168.1.1 Pinging 192.168.1.1 with 32 bytes of data: Reply from 192.168.1.1: bytes=32 time<10ms TTL=128 Reply from 192.168.1.1: bytes=32 time<10ms TTL=128 If you see something like the above, your router is not really dead. You may now dance a happy jig. If, instead of Reply from you see Request Timed Out or Hardware Error or Destination host unreachable, your router is not responding. Do not dance a happy jig, and don t bother with the rest of this Linksys-approved recovery, because you ll just be wasting your time. Jump to the next section. To proceed with the Linksys recovery, visit their Web site to download the latest official firmware . Select your router model from the drop-down list. Be sure to choose the exact model number marked on the underside label of your router the WRT54G, for example, comes in versions from V1 to V6 (if unmarked, you have a V1). Click the Firmware icon and proceed to download the firmware executable (.exe) file . Force your network adapter into 10Mbps half-duplex mode. Because the procedure varies on different Windows versions, consult this Linksys support page for step-by-step instructions. Launch the executable file you downloaded. Click Next on the splash screen. Set the Router s IP Address to 192.168.1.1 and the Router s Password to admin . Click Next again and the firmware upload process begins. About 2 minutes later the update will complete, the router will reboot, and you re back in business. At this point you may revisit upgrading the firmware to an open-source replacement, but be sure to consider what may have gone wrong before so as not to simply repeat your router s near death experience. The Ping, Dear God, I Beg Of You Technique If you router did not respond to pings at 192.168.1.1, it isn t in great shape. But all hope is not yet lost. Earlier, did you notice if the DMZ light on the front panel glows a few seconds after applying power? If yes, you may be able to reset the router to a failsafe mode. Cycle the power to your router and, as soon as DMZ lights up, depress the reset button for two seconds. It may take some coordination to pull this off accurately. Try again to ping the router. If your firmware is truly hosed, your router may only respond to pings at 192.168.1.1 for a very brief window upon power up. The moment power is applied the router hasn t yet loaded its firmware and is operating on a kind of BIOS. It is during this fleeting moment when you may be able to catch the router while still momentarily conscious, just before its brain-dead firmware is loaded. You need to test whether your router is indeed responsive even if just for a second, because that is all that's needed to breathe into it new life. First, connect both your computer and your router to a hub or switch (obviously, the switch built into the router doesn't count). If your computer is wired directly to your router, your Ethernet link may drop when the router is non-responsive and you could miss the brief moment when it blinks its eyes awake. The hub/switch will keep your link up. Second, manually configure your wired network settings. Assign your computer the IP address 192.168.1.10 (the last digit should be any number greater than 1), with subnet mask 255.255.255.0, and gateway 192.168.1.1. Third, open a command prompt in Windows, or a terminal in MacOS X or Linux. Windows users should type: ping t 192.168.1.1 The -t switch in Windows will keep the ping running indefinitely. MacOS X or Linux users should type: ping 192.168.1.1 Your computer will continuously lob pings at the router. Now, cycle power to the router. You re looking for any sign of life at all does the router respond to any ping? Depending on your ping command, a successful reply may say Reply from or XYZ bytes from along with information like time and TTL . If you do see even one or two replies, you re set! This verifies that your router experiences a moment of consciousness. If your router does not respond to a ping within a few seconds of power up, it isn t going to happen. Seize The Moment With TFTP You can use the TFTP (Trivial File Transfer Protocol ) command-line utility to upload fresh firmware to the router in its brief moment of wakefulness. Windows, OS X, and Linux all include TFTP clients. First, you need a .bin file containing the known good firmware. You can visit the Linksys site, as described above, and download the .zip version of the firmware which includes the .bin file. You can even use a .bin file for an open source firmware, so long as you choose one stable and tested and the correct version for your router (or else you start this whole process all over again). Windows users need some dexterity here. First, remove power from your router. Open two command prompt windows. In one, you will setup your TFTP command. Type (but do not yet press enter): tftp i 192.168.1.1 PUT firmwarefile .bin In the second command prompt, enter: ping t 192.168.1.1 Run the ping command, which will begin probing, and failing, to reach the router. Now change window focus to your TFTP command. Apply power to the router. Watch the ping window for a response. Hit enter in the TFTP window! Miss by a beat and you re too late the pings will fail and your moment has passed. Cut power to the router and repeat the process. You need to start the TFTP the moment you see a successful ping. For OS X and Linux users, the principle is the same, but the process is easier. First, remove power from your router. Open a terminal window and enter the commands: tftp 192.168.1.1 binary rexmt 1 timeout 60 trace tftp> put firmwarefile .bin Now apply power to your router. The tftp client will continuously retry uploading the firmware until the router responds. Hopefully, the router will briefly awaken, allowing the firmware upgrade to be sent. About 2 minutes later the router will reset and become operational with the new firmware. If your router simply refuses to ever respond to a ping at 192.168.1.1 despite all these tricks, things are looking grim. You might want to start saving up $60 worth of router replacement kitty. Short Circuits You re desperate. Nothing has worked and your router is probably a doorstop. At this point, you might want to consider cracking the lid. This will certainly void your warranty but, then again, whatever bricked it this badly probably already did that. There remains a small glimmer of hope. That glimmer is actually a spark, which, if you re feeling brave, is what you may need to create. Two invasive methods of short circuiting your router have been reported successful. These techniques are controversial. Some in the router modifying community are opposed to even discussing these techniques. We re not here to judge, nor do we endorse them. If you err even slightly, you ll probably permanently destroy the router and possibly create a small fire hazard. Take precautions. Rubber soled shoes and a fire extinguisher, minimum. Unplug your router. Disassemble the case. On many models of WRT, the case is not held together with screws. You can press down on the top front to pop off the face. Manually untwist the two antennas. Press down on the bottom rear to pop off the backplane. You should be left with a tiny I paid $60 for this? circuit board attached to a plastic bottom panel. (Note that some router models do include a couple of screws which are accessible under the rubber feet.) Look for the flash chip, which is typically marked Intel and is toward the front of the circuit board where the LED s are. The pins on this chip are numbered at the corners 1, 24, 25, and 48. Small white triangles mark every 5 pins. The two most successful shortcuts have been on routers of V4 or less, using one of two methods: short pins 15 and 16, or short pin 16 to earth via the left antenna input. A small jeweler s screwdrivers or the tip of a multimeter can be used to short pins 15 and 16. First, apply power to the router and depress the reset button for 30 seconds. Cycle the power again. Short pins 15 and 16, and depress the reset button for another 30 seconds. Now try to ping the router. Many report success. Alternatively, use a copper or other conductive wire to connect the block of the left antenna input (the one with the braided cable) to pin 16. Again, press the reset button for 30 seconds, press the wire to pin 16 and the antenna block, and press the reset button for another 30 seconds. You may experience small sparks with these procedures. And you need steady, accurate fingers the pins on the flash chip are very, very small. If you miss the correct pins, you ve probably just completed what is known as the final nail in the coffin. Secrets of the JTAG, aka Time to Buy a New Router If you research bricked routers at all, you ll inevitable come across the so-called miracle cure known as the JTAG (short for Joint Test Action Group, which is all about testing circuits ) . With the JTAG you can supposedly revive nearly any dead router, not to mention it slices, dices, chops, and purees. However, the JTAG is complicated. You need to build or buy a special cable. It may involve soldering. It connects your PC s parallel port to circuitry inside your router. It is a very slow communications channel and can take hours of time from beginning to end. And it still may not work, despite the claims. The JTAG poses the question, how much of a hacker are you? If the whole build-your-own cable and connect it to the guts of the router sounds incredibly cool, then by all means. Follow this link to the Google search for hairydairymaid jtag and follow the results. Otherwise, this may be the time to accept your loss and proceed through the stages of grief: anger, acceptance, and buying a new router. Like this story? Digg it . Internet.com Corp. Copyright 2003 Jupitermedia Corp. All rights reserved. Republication and redistribution of Jupitermeida Corp. content is Expressly prohibited without the prior written consent of Jupitermedia Corp.. Jupitermedia Corp., shall not be liable for any errors or delays in the Content, or for any actions taken in reliance thereon. |