Archive

OpenWrt

OpenWrt for the Buffalo WBMR-HP-G300H comes with the ADSL annex B (ISDN) firmware pre-installed.

To install the more commonly used annex A (PSTN) firmware, proceed as follows:

1. First remove the annex B firmware:

opkg remove kmod-ltq-adsl-ar9-fw-b

2. Download the annex A firmware from OpenWrt.

3. Copy the firmware to the modem. On Windows you can use PuTTY’s pscp. On Linux you can use scp. Here I’m using pscp at a DOS prompt to copy kmod-ltq-adsl-ar9-fw-a_0.1-1_lantiq.ipk to 192.168.1.1 as fw.ipk.

>pscp -scp kmod-ltq-adsl-ar9-fw-a_0.1-1_lantiq.ipk root@192.168.1.1:fw.ipk
root@192.168.1.1's password:
kmod-ltq-adsl-ar9-fw-a_0. | 187 kB | 187.5 kB/s | ETA: 00:00:00 | 100%
>

The package will be copied to the root user’s home folder as fw.ipk:

root@OpenWrt:~# ls
fw.ipk
root@OpenWrt:~#

If you’re using scp on Linux, the command is similar: scp kmod-ltq-adsl-ar9-fw-a_0.1-1_lantiq.ipk root@192.168.1.1:fw.ipk

4. Install the firmware:

root@OpenWrt:~# opkg install fw.ipk
Installing kmod-ltq-adsl-ar9-fw-a (0.1-1) to root...
Configuring kmod-ltq-adsl-ar9-fw-a.
root@OpenWrt:~#

… and you are done!

If you have any questions or if you spotted any errors or omissions, please leave me a comment.

In my previous post I showed you how to install OpenWrt 14.07 on the Buffalo WBMR-HP-G300H. In this post I’ll show you how you can restore the original Buffalo firmware. Numerous posts on the internet claim that going back to the original firmware is impossible once you’ve installed OpenWrt or DD-WRT. This is not true. If you’ve installed OpenWrt or DD-WRT on your WBMR-HP-G300H and you wish to go back to the original Buffalo firmware, keep reading.

Note to DD-WRT users: to restore the original Buffalo firmware you need to switch to OpenWrt first. You can check my previous post for instructions on installing OpenWrt.

With OpenWrt installed on the WBMR-HP-G300H, what prevents you from restoring the original Buffalo firmware once you’ve downloaded it from Buffalo’s site is that the firmware is encrypted. You need to decrypt the firmware (and also remove a header) before you try flashing it. The whole process is outlined by n0r1n0x in his excellent post here and I’ll be following it below. Briefly, here’s what needs to be done: to decrypt the firmware we’re going to get OpenWrt’s source files, compile the decryption program, modify the firmware, decrypt it and, lastly, flash it. Let’s begin.

1. Download the OpenWrt source files

Open a terminal window and issue the following command:

git clone git://git.openwrt.org/14.07/openwrt.git

This will download the OpenWrt source files into the openwrt directory (the directory will be created for you).

2. Locate, edit and compile buffalo-enc.c

The file buffalo-enc.c should be in /openwrt/tools/firmware-utils/src. Open it with a text editor and add the following line to the top:

#include "buffalo-lib.c"

Save the file and compile it with the command below:

gcc -o buffalo-enc buffalo-enc.c

We will use buffalo-enc to decrypt the firmware image in a moment.

3. Edit the encrypted firmware

Before decrypting the Buffalo firmware we need to strip off the first start section (if you haven’t already downloaded the original firmware, you can download it from here). Open wbmrhpg300h-179 with a hex editor, select the first 228 bytes (up until but not including the second start) and delete them.

Removing the first start section from the encrypted firmware.

Save the edited firmware as encrypted_fw and close the hex editor.

4. Decrypt the firmware

Decrypt the firmware by issuing:

buffalo-enc -d -i encrypted_fw -o decrypted.bin

The decrypted firmware will be saved as decrypted.bin.

For your convenience I have uploaded the decrypted firmware to OneDrive. You can find it here.

MD5: b4318c88e1aa472a1c299281e16061a0 – SHA1: 6f69f931d1bd09de2e516ee42fd8b780ee726a4a

5. Flash

Log in to the OpenWrt admin page and go to System –> Backup/Flash Firmware. Under the “Flash new firmware image” section choose the decrypted firmware image and press Flash image.

About to flash the original firmware.

You will be asked to verify that you uploaded the correct image. Click proceed and the flash process will begin. The modem will reboot once or twice after a few minutes. Do not power off the modem. The process will take a few minutes to complete. Renew your ethernet connection and reconnect to the modem (the default IP is now 192.168.11.1). The original Buffalo firmware is now restored!

Buffalo WBMR-HP-G300H firmware v1.79 restored.
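
Steps 3 and 4 above can be scripted, so that the cut lands exactly on the second start marker and the decrypted image is checked against the SHA1 given in step 4 before it is uploaded in step 5. This is an added example, not part of the original procedure or of OpenWrt's tools; the function names are hypothetical and it assumes the section marker is the ASCII text "start".

```shell
#!/bin/sh
# Added example: script the hex-editor cut from step 3 and check the
# decrypted image's SHA1 before flashing it.

HEADER_LEN=228     # bytes to drop, as stated in step 3
MARKER=start       # assumption: the section marker is the ASCII text "start"
PAGE_SHA1=6f69f931d1bd09de2e516ee42fd8b780ee726a4a   # SHA1 quoted in step 4

# Copy $1 to $2 without its first HEADER_LEN bytes. Returns 3, and removes
# the output, if what remains does not begin with MARKER (wrong file or offset).
strip_first_section() {
    tail -c +$((HEADER_LEN + 1)) "$1" > "$2" || return 1
    if [ "$(head -c ${#MARKER} "$2" | tr -d '\000')" != "$MARKER" ]; then
        rm -f "$2"
        return 3
    fi
}

# Print the lowercase hex SHA1 of file $1.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    else
        shasum -a 1 "$1" | cut -d' ' -f1
    fi
}

# Succeed only if file $1 hashes to $2 (hex, upper or lower case).
verify_sha1() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$(sha1_of "$1")" = "$want" ]
}

# Constructed demo input: a 228-byte first section followed by a second
# section that begins with the marker. Not real firmware.
demo=$(mktemp -d)
{ printf 'start'; head -c 223 /dev/zero; printf 'start-constructed-payload'; } > "$demo/fw"
if strip_first_section "$demo/fw" "$demo/encrypted_fw"; then
    echo "first section removed, $(wc -c < "$demo/encrypted_fw") bytes left"
fi
rm -rf "$demo"

# With the real files from this post:
#   strip_first_section wbmrhpg300h-179 encrypted_fw
#   buffalo-enc -d -i encrypted_fw -o decrypted.bin
#   verify_sha1 decrypted.bin "$PAGE_SHA1" || echo "hash mismatch: do not flash"
```
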

If you have any questions or if you spotted any errors or omissions, please leave me a comment.

The Buffalo WBMR-HP-G300H is a little beast of a modem/router, based on the Lantiq AR9 SoC family, and built on the following hardware:

| Type | Part | Notes |
|---|---|---|
| CPU | Lantiq XWAY ARX168 PSB 50810 EL | MIPS 34Kc @ 333MHz |
| Flash | Macronix MX29GL256ELT2I-90Q | 32MB |
| RAM | Samsung K4H511638F-LCCC | 64MB @ 166MHz |
| Switch | Atheros AR8316 | ? |
| WiFi | Atheros AR9223 | IEEE 802.11 b/g/n |

The modem officially supports DD-WRT but we will be installing OpenWrt Barrier Breaker.

There are two ways of getting OpenWrt on the WBMR-HP-G300H. You can either install OpenWrt through DD-WRT (provided, of course, you’ve installed DD-WRT first) or you can talk to the modem’s bootloader via TFTP and upload an OpenWrt image. In this post I’ll be taking the DD-WRT route, which is really simple. Let’s begin.

Step 1: Install DD-WRT

If DD-WRT is not already installed on the modem (i.e. the modem is running the official Buffalo firmware), you need to install it. Download buffalo_to_dd-wrt_MULTI.enc from DD-WRT’s website and save it on your hard-drive. Turn on the modem and connect to 192.168.11.1. The default username is root, the password is blank. (Note: use IE or Opera, otherwise the pages won’t render properly). Now navigate to Admin Config/Update. Choose the file you just downloaded from DD-WRT’s website and press Update Firmware.

Updating to DD-WRT.

After you press Update Firmware you need to wait for about 6-7 minutes. A progress bar will be displayed in the browser to let you know how far along the process has got. Once the update is complete you should renew your ethernet connection. The new router ip will be 192.168.1.1.

Step 2: Flash OpenWrt

With DD-WRT installed we can proceed to flashing OpenWrt. From OpenWrt’s website download openwrt-lantiq-xway-WBMR-squashfs.image and save it on a USB stick (formatted either as ext2/3 or FAT32). Log in to the DD-WRT admin page at 192.168.1.1 (on first access you will be prompted to set a new password) and navigate to Services/USB. We will enable USB support in order to copy the OpenWrt image from the USB stick to the modem’s internal storage. To do so, enable Core USB Support, USB Storage Support and Automatic Drive Mount, as pictured below, and apply settings.

Enabling USB support on DD-WRT.

With USB support enabled, plug your USB stick into the modem. Telnet to the modem at 192.168.1.1 and log in with username root (even if you have changed the username!) and the password you previously set. You can see below that, in my case, my USB stick has been mounted on /tmp/mnt/sda_part1.

The USB stick has been mounted on /tmp/mnt/sda_part1/.

We are now ready to flash OpenWrt. Change to the directory where the stick is mounted and issue the following command:

mtd -r write openwrt-lantiq-xway-WBMR-squashfs.image linux

This will write OpenWrt to the modem’s flash storage.

Writing OpenWrt.

The telnet connection will be closed once the write is complete. At this point you have to wait while the modem boots OpenWrt for the first time. Do not turn off the modem. Once the modem is ready you will be able to ping it and telnet to it at 192.168.1.1 again.

Connecting to OpenWrt for the first time.

Congratulations, OpenWrt Barrier Breaker is now installed.

If you have any questions or if you spotted any errors or omissions, please leave me a comment.

The first order of business after installing OpenWrt is to telnet to your device and set a root password. To do so, telnet to 192.168.1.1 and, once you get the OpenWrt prompt, issue the passwd command. Now set a password and close the telnet connection.

$ telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
 === IMPORTANT ============================
  Use 'passwd' to set your login password
  this will disable telnet and enable SSH
 ------------------------------------------

BusyBox v1.15.3 (2011-11-24 00:44:13 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 Backfire (10.03.1, r29592) ------------------------
  * 1/3 shot Kahlua    In a shot glass, layer Kahlua 
  * 1/3 shot Bailey's  on the bottom, then Bailey's, 
  * 1/3 shot Vodka     then Vodka.
 ---------------------------------------------------
root@OpenWrt:/# passwd
Changing password for root
New password:
Retype password:
Password for root changed by root
root@OpenWrt:/# exit
Connection closed by foreign host.
$

With a root password set, telnet access will be disabled and for all subsequent connections you will use ssh. All further telnet connection attempts will fail, because the connection will be refused. This is standard OpenWrt behavior.

$ telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
Login failed.
Connection closed by foreign host.
$ ssh root@192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is e3:74:ff:f7:54:45:12:ba:94:66:08:8f:40:05:a4:71.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts.
root@192.168.1.1's password: 

BusyBox v1.15.3 (2011-11-24 00:44:13 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 Backfire (10.03.1, r29592) ------------------------
  * 1/3 shot Kahlua    In a shot glass, layer Kahlua 
  * 1/3 shot Bailey's  on the bottom, then Bailey's, 
  * 1/3 shot Vodka     then Vodka.
 ---------------------------------------------------
root@OpenWrt:~#

Now that we’ve established our connection to the router I suggest you change its default ip address so that it doesn’t conflict with any other routers you may be using. I’ll use 192.168.100.1. To change the ip address issue the following commands (you can read more about UCI here):

root@OpenWrt:~# uci set network.lan.ipaddr=192.168.100.1
root@OpenWrt:~# uci commit

Now reboot your router. The results of the above configuration are the following:

  • Router ip set to 192.168.100.1
  • DHCP addresses served in range 192.168.100.x

Bringing up the ADSL Interface

To bring up the ADSL interface we need to add the configuration below to /etc/config/network (I assume here that your ISP employs PPPoE bridged over ATM – occasionally called PPPoEoA. I also assume that the ATM PVC uses vpi 8, vci 35 and encapsulation LLC)*:

config 'interface' 'wan'
        option 'ifname' 'nas0'
        option 'proto' 'pppoe'
        option 'username' 'USERNAME'
        option 'password' 'PASSWORD'

config 'atm-bridge' 'atm'
        option 'unit' '0'
        option 'vpi' '8'
        option 'vci' '35'
        option 'encaps' 'llc'
        option 'payload' 'bridge'

To add the configuration above we can either edit the /etc/config/network file directly or issue the following commands at the OpenWrt prompt:

root@OpenWrt:~# uci set network.wan=interface          #add wan section
root@OpenWrt:~# uci set network.wan.ifname=nas0
root@OpenWrt:~# uci set network.wan.proto=pppoe
root@OpenWrt:~# uci set network.wan.username=USERNAME
root@OpenWrt:~# uci set network.wan.password=PASSWORD
root@OpenWrt:~#
root@OpenWrt:~# uci set network.atm=atm-bridge         #add atm section
root@OpenWrt:~# uci set network.atm.unit=0
root@OpenWrt:~# uci set network.atm.vpi=8
root@OpenWrt:~# uci set network.atm.vci=35
root@OpenWrt:~# uci set network.atm.encaps=llc
root@OpenWrt:~# uci set network.atm.payload=bridge
root@OpenWrt:~#
root@OpenWrt:~# uci commit

Don’t forget to replace USERNAME and PASSWORD with the ones provided by your ISP. Confirm by issuing uci show network or cat /etc/config/network.

Now run /etc/init.d/br2684ctl start to create the nas0 interface and bring up the wan interface:

root@OpenWrt:~# /etc/init.d/br2684ctl start
br2684ctl[1728]: Interface "nas0" created sucessfully
br2684ctl[1728]: Communicating over ATM 0.8.35, encapsulation: LLC
br2684ctl[1728]: Interface configured
root@OpenWrt:~#

You should now be connected to the internet. If you check the router’s log by issuing logread, you’ll see pppd establishing a PPP session with your ISP:

root@OpenWrt:~# logread
<output omitted>
daemon.info pppd[1485]: PPP session is 17049
daemon.info pppd[1485]: Using interface pppoe-wan
daemon.notice pppd[1485]: Connect: pppoe-wan  nas0
daemon.notice pppd[1485]: PAP authentication succeeded
daemon.notice pppd[1485]: peer from calling number 00:90:1A:A4:08:72 authorized
daemon.notice pppd[1485]: local  IP address xx.xx.xx.xx
daemon.notice pppd[1485]: remote IP address xx.xx.xx.xx
daemon.notice pppd[1485]: primary   DNS address xx.xx.xx.xx
daemon.notice pppd[1485]: secondary DNS address xx.xx.xx.xx
user.notice ifup: Enabling Router Solicitations on wan (pppoe-wan)
user.info firewall: adding wan (pppoe-wan) to zone wan
root@OpenWrt:~#

If you run ifconfig you should have a nas0 and a pppoe-wan interface.

root@OpenWrt:~# ifconfig
<output omitted>
nas0      Link encap:Ethernet  HWaddr 00:E0:A0:A6:66:70  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:342 errors:0 dropped:0 overruns:0 frame:0
          TX packets:478 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:31331 (30.5 KiB)  TX bytes:28629 (27.9 KiB)

pppoe-wan Link encap:Point-to-Point Protocol  
          inet addr:xx.xx.xx.xx  P-t-P:xx.xx.xx.xx  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:885 (885.0 B)  TX bytes:498 (498.0 B)
root@OpenWrt:~#

And last but not least, you should be able to ping outside addresses:

root@OpenWrt:~# ping www.yahoo.com
PING www.yahoo.com (87.248.122.122): 56 data bytes
64 bytes from 87.248.122.122: seq=0 ttl=54 time=94.505 ms
64 bytes from 87.248.122.122: seq=1 ttl=54 time=95.070 ms
64 bytes from 87.248.122.122: seq=2 ttl=54 time=95.265 ms
^C
--- www.yahoo.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 94.505/94.946/95.265 ms
root@OpenWrt:~#

If you have any questions or if you spotted any errors or omissions, please leave me a comment.

* Multiprotocol encapsulation over AAL5 is defined in RFC 2684. For more information check http://tools.ietf.org/html/rfc2684.

In my previous post we installed OpenWrt 10.03.1 on D-Link’s DSL-G624T. In this post I’ll show you, just in case you’re not happy with OpenWrt, how you can uninstall it and go back to the original D-Link firmware. The procedure is simple. You connect to the bootloader again, open an ftp connection, flash the original D-Link firmware and reset the mtd variables to their original values (you did make a note of the original mtd values, didn’t you?).

Before we begin we need to grab the original DSL-G624T firmware. You can find v3.10 of the original firmware on the router’s product support page (I’ve also uploaded it to OneDrive in case D-Link decides to remove it. SHA1: 73867582db7120ed1a3d5a59afb4ad395dda21f8). Download the zip archive and extract the firmware image ‘DLinkEU-A_DSL-G624T_singleimage_kernel_fs_-V3.10B01T02.EU–A.20070613’. Rename the image to something more manageable like ‘original.bin’.

Now that we have the firmware let’s connect to the modem. Connect your USB-to-UART converter to the modem’s serial port as before:

  • Converter GND to modem pin 4 or pin 2 (either one will do)
  • Converter Rx to modem pin 1
  • Converter Tx to modem pin 5

Launch your preferred terminal emulator (I’ll be using PuTTY) and open the serial connection. Power on the router (I use the terms ‘modem’ and ‘router’ interchangeably) and stop the bootloader from running the OS (just press any key). Set an ip address in the 192.168.1.x range for your NIC and connect to the router via UTP. Next, if you’re running Ubuntu, make sure that F-RTO is disabled (more info in my previous post), change to the directory where you extracted the original firmware and open an ftp connection to 192.168.1.199.

With the ftp connection established, issue, as before, the following commands:

ftp> binary
200 Type set to I.
ftp> hash
Hash mark printing on (1024 bytes/hash mark).
ftp> quote MEDIA FLSH
200 Media set to FLSH.
ftp>

Finally execute:

ftp> put original.bin "fw mtd1"

Just like when we flashed OpenWrt, the memory will be erased first, and then the transfer will begin. You can monitor the progress of the erase in PuTTY.

With the transfer of the original firmware completed, we need to reset mtd1 to its original value. At the bootloader prompt issue the following command:

Adam2_AR7RD > setenv mtd1 0x90010090,0x900a1000

Make sure that the mtd variables now have the values given below:

Adam2_AR7RD > printenv
mtd0  0x900a1000,0x903f0000
mtd1  0x90010090,0x900a1000
mtd2  0x90000000,0x90010000
mtd3  0x903f0000,0x90400000
mtd4  0x90010000,0x903f0000

At this point we are ready to run the original D-Link firmware. Disconnect the UTP cable. Switch to PuTTY and enter go:

Adam2_AR7RD > go

Good job, your modem is now running the original D-Link firmware.

If you have any questions or if you spotted any errors or omissions, please leave me a comment.

Updated November 20, 2013 – Added paragraph for TcpMaxDataRetransmissions

The D-Link DSL-G624T is a wireless 4-port ADSL modem/router based on the TI AR7 platform. It employs the following hardware:

| Type | Part | Notes |
|---|---|---|
| CPU | TI TNETD7300AZDW | 150 MHz |
| Flash | Spansion S29AL032D90TFI04 | 4 MB |
| RAM | ESMT M12L128168A | 16 MB SDRAM |
| Switch | Infineon ADM6996M | 4 ports |
| WiFi | TI TNETW1130ZVF | IEEE 802.11 b/g |

We will be installing OpenWrt 10.03.1 Backfire instead of the latest (as of this writing) 12.09 Attitude Adjustment version, since the latter seems to have a bug in controlling the ethernet switch and you end up being unable to connect to the modem. (Note: the terms ‘modem’ and ‘router’ are used interchangeably in this post).

Note for Windows users only: A registry edit and thus a reboot will be required later on (§On Windows), so I suggest you do that first and then come back to this point.

Serial Port

To install OpenWrt we first need to connect to the modem’s serial port and talk to its bootloader (ADAM2 in this case; more info here). To implement this connection you need a USB-to-UART serial converter such as this one.

The modem’s serial port is located at the top left side of the board, as shown in the figure below.

The D-Link DSL-G624T board. The serial port is located at the top left side.

Connect the converter to your computer and, with the modem powered off, implement the following connection:

  • Converter GND to modem pin 4 or pin 2 (either one will do)
  • Converter Rx to modem pin 1
  • Converter Tx to modem pin 5

Use only the pins mentioned above. Do not connect the 3.3v line.

Do not turn on the modem yet. On your computer launch PuTTY or SecureCRT or any other terminal emulator you like (I will be using PuTTY for this post) and, on Ubuntu, point it to /dev/ttyUSB0. (On Windows you need to use the COM port assigned to the converter). Select speed 38400, data bits 8, parity None, stop bits 1 (8N1) and open the connection.

PuTTY serial connection settings.

Note: For PuTTY to be able to open /dev/ttyUSB0 you need to run it as root. To do so, open a command terminal and enter gksudo putty &

Power on the modem now. As soon as the modem is turned on you will see the following output in PuTTY:

ADAM2 Revision 0.22.02_b04_Mar 10 2005
(C) Copyright 1996-2003 Texas Instruments Inc. All Rights Reserved.
(C) Copyright 2003 Telogy Networks, Inc.
Usage: setmfreq [-d] [-s sys_freq, in MHz] [cpu_freq, in MHz]
Memory optimization Complete!

Adam2_AR7RD >
Press any key to abort OS load, or wait 5 seconds for OS to boot...

Press enter to stop the OS from loading and get the bootloader prompt.

MTD Partitions

Once you are at the bootloader prompt you can see all the available commands by typing help. Enter printenv to get an output similar to the following (please note that not all lines are shown; I have included only the lines that interest us):

Adam2_AR7RD > printenv
my_ipaddress  192.168.1.199
mtd0  0x900a1000,0x903f0000
mtd1  0x90010090,0x900a1000
mtd2  0x90000000,0x90010000
mtd3  0x903f0000,0x90400000
mtd4  0x90010000,0x903f0000

Make a note of the mtd values above. Also note the ip address given by the ‘my_ipaddress’ parameter. We will connect to this ip later on.

The mtd values given above logically divide the flash memory into different partitions. Each pair of values defines a starting position and an ending position. The figure below helps illustrate this.

D-Link DSL-G624T flash memory partitions.

This is where the firmware and the bootloader (plus environment variables) are stored.

| Partition | Contents |
|---|---|
| mtd2 | ADAM2 bootloader |
| mtd1 | Kernel |
| mtd0 | filesystem |
| mtd3 | Environment variables |
| mtd4 | mtd1+mtd0 |

Note: Do not edit, modify or in any way alter the contents of partitions mtd2 (the bootloader) and mtd3 (the environment variables) unless you absolutely know what you’re doing. Doing so may render your router unbootable. As long as the bootloader and its settings are intact, you can recover from a bad flash.

Preparing for Installation

We will be installing OpenWrt by overwriting the contents of partitions mtd1 and mtd0 (the original D-Link firmware). According to this device’s page on http://wiki.openwrt.org, we need to slightly modify the partitions’ layout so that it can store the new firmware. Specifically, we need to modify mtd1 and mtd0 so that they have the following values:

mtd0  0x900a1000,0x903f0000
mtd1  0x90010000,0x903f0000

In my case mtd0 already has the required value, so I only need to change mtd1, however I’ll show you how to change both.

To modify the values of mtd1 and mtd0 we issue the setenv command, followed by the parameter we wish to modify and its new values, as shown below:

Adam2_AR7RD > setenv mtd1 0x90010000,0x903f0000
Adam2_AR7RD > setenv mtd0 0x900a1000,0x903f0000
Adam2_AR7RD >
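
The arithmetic behind these start,end pairs can be checked before anything is written to flash. This added example (not ADAM2 or OpenWrt code; the function names are hypothetical) parses printenv-style lines, confirms that an image of the size transferred later in this post fits the enlarged mtd1, and confirms that mtd1 stays clear of mtd2 and mtd3. It assumes the end address is exclusive, which agrees with the erase log shown further down.

```shell
#!/bin/sh
# Added example: sanity-check an ADAM2 flash plan from printenv output.
# Ranges are "start,end"; the end address is treated as exclusive.

# Constructed sample: this post's printenv values with mtd1 already changed.
PRINTENV='mtd0  0x900a1000,0x903f0000
mtd1  0x90010000,0x903f0000
mtd2  0x90000000,0x90010000
mtd3  0x903f0000,0x90400000'

# Print "start end" in decimal for variable $1 found in printenv text $2.
# Fails if the variable is missing, malformed, or not start < end.
mtd_range() {
    pair=$(printf '%s\n' "$2" | awk -v n="$1" '$1 == n { print $2; exit }')
    case $pair in
        *[!0-9a-fA-FxX,]*) return 1 ;;
        0x*,0x*) ;;
        *) return 1 ;;
    esac
    start=${pair%%,*}
    end=${pair##*,}
    [ "$(($end))" -gt "$(($start))" ] || return 1
    echo "$(($start)) $(($end))"
}

# Print the size in bytes of variable $1 in printenv text $2.
mtd_size() {
    r=$(mtd_range "$1" "$2") || return 1
    set -- $r
    echo "$(($2 - $1))"
}

# True when half-open ranges [$1,$2) and [$3,$4) share at least one byte.
overlaps() {
    [ "$1" -lt "$4" ] && [ "$3" -lt "$2" ]
}

# $1 = image size in bytes, $2 = target variable, $3 = printenv text.
# Returns 0 if safe, 1 if a range is unreadable, 2 if the image is too
# large, 3 if the target touches mtd2 (bootloader) or mtd3 (environment).
check_flash_plan() {
    img=$1
    text=$3
    tgt=$(mtd_range "$2" "$text") || return 1
    for p in mtd2 mtd3; do
        prot=$(mtd_range "$p" "$text") || return 1
        if overlaps $tgt $prot; then
            return 3
        fi
    done
    set -- $tgt
    [ "$img" -le "$(($2 - $1))" ] || return 2
}

# 2818052 is the byte count reported by the ftp transfer in this post.
if check_flash_plan 2818052 mtd1 "$PRINTENV"; then
    echo "mtd1 holds $(mtd_size mtd1 "$PRINTENV") bytes: image fits, mtd2 and mtd3 untouched"
fi
```
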

Installation

Now we can proceed to the installation of OpenWrt. Download ‘openwrt-ar7-squashfs.bin’ from http://downloads.openwrt.org/backfire/10.03.1/ar7/ . Once the download is complete, disconnect from the internet and set an ip address in the 192.168.1.x subnet for your computer. Connect to the modem via UTP. Change to the directory where you saved the OpenWrt firmware and open an ftp connection to 192.168.1.199 (this is the ip address the ftp service of ADAM2 is listening on, as given by the ‘my_ipaddress’ variable we saw earlier). The username and password are both ‘adam2’.

$ ftp 192.168.1.199
Connected to 192.168.1.199.
220 ADAM2 FTP Server ready.
Name: adam2
331 Password required for adam2.
Password:
230 User adam2 successfully logged in.
Remote system type is UNIX.
ftp>

Issue the following commands to the ftp server:

  • binary for binary file transfer
  • hash for hash mark printing to see the file transfer progress as the firmware is being copied to the modem
  • quote MEDIA FLSH to indicate we want to write to the flash memory

The commands are shown below:

ftp> binary
200 Type set to I.
ftp> hash
Hash mark printing on (1024 bytes/hash mark).
ftp> quote MEDIA FLSH
200 Media set to FLSH.
ftp>

There is one last thing left to do before we begin flashing the modem with the new firmware: we need to take care of TCP retransmission timeouts. On Ubuntu we need to disable F-RTO. On Windows we need to add a dword named ‘TcpMaxDataRetransmissions’ to a registry key. This is crucial; if F-RTO is enabled or if TcpMaxDataRetransmissions is at its default value, the transfer of the firmware will fail.

On Ubuntu

To check whether F-RTO is enabled, do cat /proc/sys/net/ipv4/tcp_frto as shown below. A value of 1 or 2 means F-RTO is enabled; a 0 means it is disabled. If F-RTO is enabled on your system, open a root terminal (sudo won’t work) and issue echo 0 > /proc/sys/net/ipv4/tcp_frto.

# cat /proc/sys/net/ipv4/tcp_frto
2
# echo 0 > /proc/sys/net/ipv4/tcp_frto

On Windows

Run regedit.exe and go to HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters. Add a DWORD named TcpMaxDataRetransmissions and set it to a high value (e.g. 40 decimal). Close regedit and reboot. Do not forget to delete this dword after flashing is complete.

Once F-RTO or the Windows registry is taken care of, we are ready to flash the modem with the new firmware. At the ftp prompt issue the following command:

ftp> put openwrt-ar7-squashfs.bin "fw mtd1"

(What the above command says is “store ‘openwrt-ar7-squashfs.bin’ as ‘fw’ into mtd1”. You don’t have to name the destination file ‘fw’. You can name it whatever you like; it doesn’t matter. However you must use mtd1).

You won’t see any output at the ftp prompt immediately. This is normal. If you switch to PuTTY you will see that the flash memory is being erased first. Just be patient.

Adam2_AR7RD > Erasing from 0xb0010000 to 0xb03f0000.
FlashEraseBlock(b0010000,b03effff);
..............................................................
Erase Successful.

Once the erase is completed the transfer will begin. You will get a long series of hash marks at the ftp prompt, indicating the transfer is in progress. The ftp client reports when the transfer is complete.

ftp> put openwrt-ar7-squashfs.bin "fw mtd1"
local: openwrt-ar7-squashfs.bin remote: fw mtd1
200 Port command successful.
150 Opening BINARY mode data connection for file transfer.
########################################################

########################################################
226 Transfer complete.
2818052 bytes sent in 37.02 secs (74.3 kB/s)
ftp>

Boot

You’ve now flashed your modem with the OpenWrt firmware. The only thing left to do now is to reboot. At the ftp prompt enter quote REBOOT:

ftp> quote REBOOT
221-Thank you for using the FTP service on ADAM2.
221 Goodbye.
ftp>

and immediately disconnect the UTP cable from the modem as it reboots and runs Backfire for the first time. You can keep the serial connection open and examine the bootlog of OpenWrt as it boots. Don’t forget to remove the ip address you set on your computer manually. Your NIC will be assigned an ip address via DHCP once the modem is booted and you reconnect the UTP cable.

If you press enter from within PuTTY or if you telnet to your modem once it is ready, you will get the following output:

OpenWrt 10.03.1 Backfire banner.

Congratulations, you are now running OpenWrt 10.03.1 Backfire. In one of my next posts I’ll walk you through the next steps after first boot. In the meantime, if you wish, you can check http://wiki.openwrt.org/doc/howto/firstlogin .

If you have any questions or if you spotted any errors or omissions, please leave me a comment.