In my previous post I showed you how to install OpenWrt 14.07 on the Buffalo WBMR-HP-G300H. In this post I’ll show you how you can restore the original Buffalo firmware. Numerous posts on the internet claim that going back to the original firmware is impossible once you’ve installed OpenWrt or DD-WRT. This is not true. If you’ve installed OpenWrt or DD-WRT on your WBMR-HP-G300H and you wish to go back to the original Buffalo firmware, keep reading.
Note to DD-WRT users: to restore the original Buffalo firmware you need to switch to OpenWrt first. You can check my previous post for instructions on installing OpenWrt.
With OpenWrt installed on the WBMR-HP-G300H, what prevents you from restoring the original Buffalo firmware once you’ve downloaded it from Buffalo’s site is that the firmware is encrypted. You need to decrypt the firmware (and also remove a header) before you try flashing it. The whole process is outlined by n0r1n0x in his excellent post here and I’ll be following it below. Briefly, here’s what needs to be done: to decrypt the firmware we’re going to get OpenWrt’s source files, compile the decryption program, modify the firmware, decrypt it and, lastly, flash it. Let’s begin.
1. Download the OpenWrt source files
Open a terminal window and issue the following command:
git clone git://git.openwrt.org/14.07/openwrt.git
This will download the OpenWrt source files in the openwrt directory (the directory will be created for you).
2. Locate, edit and compile buffalo-enc.c
buffalo-enc.c should be in
/openwrt/tools/firmware-utils/src. Open it with a text editor and add the following line to the top:
Save the file and compile it with the command below:
gcc -o buffalo-enc buffalo-enc.c
We will use
buffalo-enc to decrypt the firmware image in a moment.
3. Edit the encrypted firmware
Before decrypting the Buffalo firmware we need to strip off the first start section (if you haven’t already downloaded the original firmware, you can download it from here). Open
wbmrhpg300h-179 with a hex editor, select the first 228 bytes (up until but not including the second
start) and delete them.
Save the edited firmware as
encrypted_fw and close the hex editor.
4. Decrypt the firmware
Decrypt the firmware by issuing:
buffalo-enc -d -i encrypted_fw -o decrypted.bin
The decrypted firmware will be saved as
For your convenience I have uploaded the decrypted firmware to OneDrive.You can find it here.
MD5: b4318c88e1aa472a1c299281e16061a0 – SHA1: 6f69f931d1bd09de2e516ee42fd8b780ee726a4a
Login to the OpenWrt admin page and go to System –> Backup/Flash Firmware. Under the “Flash new firmware image” section choose the decrypted firmware image and press Flash image.
You will be asked to verify that you uploaded the correct image. Click proceed and the flash process will begin. The modem will reboot after a few minutes once or twice. Do not power off the modem. The process will take a few minutes to complete. Renew your ethernet connection and reconnect to the modem (default ip now is 192.168.11.1). The original Buffalo firmware is now restored!
If you have any questions or if you spotted any errors or omissions, please leave me a comment.