Flashing Linksys EA6300v1 and EA6400 with Tomato. The EA6300v1 uses the same firmware as EA6400 since the routers are exactly the same. WARNING: If anything goes wrong this can brick your router and I will not be held responsible if that happens. You're doing this at your own risk. For this router a different CFE needs to be flashed otherwise only 32k of NVRAM can be used and that is not enough but for the most basic setup. That means that it will not be possible to go back to Linksys stock firmware without the stock CFE. In this guide, instructions on how to backup stock CFE and how to revert back to Linksys stock firmware will NOT be covered. The reason for this is that I have never done it so I cannot verify if it’s working or not. But to be honest the stock Linksys firmware is nearly useless for any meaningful setup anyway. Pros when this is done: Can install 3rd party firmwares (without the 32k NVRAM bug) Can enter recovery mode (Hold the red “reset” button on the back of the router and power up the router, release it after about 15-20 seconds) Navigate to 192.168.1.1 and the "recovery web interface" should come up. Files needed: https://my.pcloud.com/publink/show?code=kZNb807Z04GYcuqwyxY10A7Ypsd8YHj35b57 Tools.7z (Contains: WinSCP, CFEEdit, Putty and TFTP xvortex_cfe_ea6400.7z linksys-EA6400-numinit-super-hacky-smaller-version.7z (A DD-WRT build used for SSH access) and Tomato firmware of your choice. 1. Reset the router (press and hold the red reset button until the power indicator flashes) 2. Connect the PC to LAN port1 on the router. Give the PC a static IP: IP address: 192.168.1.20 Subnet mask: 255.255.255.0 Default gateway: 192.168.1.1 DNS: 192.168.1.1 Reconnect to make the settings take effect. Ping the router "ping -t 192.168.1.1" (ttl=64 usually means that the router is ready) 3. Open a web browser and navigate to 192.168.1.1. Skip the basic setup (check the "skip" box) and proceed to log in using "admin" as password. Flash the "linksys-EA6400-numinit-super-hacky-smaller-version.bin" firmware. If there’s an error saying the file is invalid this means the stock Linksys firmware is too new and can only flash firmwares signed by Linksys. In this case do the following: Go to Troubleshooting -> Diagnostics and click on "restore previous firmware", if it asks for a file then flash "linksys-EA6400-numinit-super-hacky-smaller-version.bin". If it doesn’t ask for a file the flash will have to be done with tftp. Reconnect the power to the router. Check if ttl=100 in the ping window. Use tftp with the following commands (this has to be done before ttl=100 dissapears): $ tftp tftp> connect (to) 192.168.1.1 tftp> binary tftp> put linksys-EA6400-numinit-super-hacky-smaller-version.bin Sent 22765568 bytes in 76.5 seconds tftp> quit Give the router about 5 minutes to process the firmware image. Go to 192.168.1.1 again and DD-WRT should be there. If not: Navigate to Troubleshooting -> Diagnostics and restore previous firmware. DD-WRT should now boot. 4. Once the flash has completed (this takes a couple of minutes) navigate to 192.168.1.1. Set username/password to admin/admin. Navigate to the services tab and enable SSHd. Click Save at the bottom, then Apply Settings. 5. Open "xvortex_cfe_ea6400.bin” with "CFEEdit.exe" and fill in: MAC Address (found on the bottom of the router) WPS Password (found on the bottom of the router) Go over to the Advanced Mode tab and fill in: 0:macaddr (same as MAC Address +2) 1:macaddr (same as MAC Address +4) The HEX sequence from 00H to FFH: 00,01,02,03,04,05,06,07,08,09,0A,0B,0C,0D,0E,0F 10,11,12,13,14,15,16,17,18,19,1A,1B,1C,1D,1E,1F 20,21,22,23,24,25,26,27,28,29,2A,2B,2C,2D,2E,2F 30,31,32,33,34,35,36,37,38,39,3A,3B,3C,3D,3E,3F 40,41,42,43,44,45,46,47,48,49,4A,4B,4C,4D,4E,4F 50,51,52,53,54,55,56,57,58,59,5A,5B,5C,5D,5E,5F 60,61,62,63,64,65,66,67,68,69,6A,6B,6C,6D,6E,6F 70,71,72,73,74,75,76,77,78,79,7A,7B,7C,7D,7E,7F 80,81,82,83,84,85,86,87,88,89,8A,8B,8C,8D,8E,8F 90,91,92,93,94,95,96,97,98,99,9A,9B,9C,9D,9E,9F A0,A1,A2,A3,A4,A5,A6,A7,A8,A9,AA,AB,AC,AD,AE,AF B0,B1,B2,B3,B4,B5,B6,B7,B8,B9,BA,BB,BC,BD,BE,BF C0,C1,C2,C3,C4,C5,C6,C7,C8,C9,CA,CB,CC,CD,CE,CF D0,D1,D2,D3,D4,D5,D6,D7,D8,D9,DA,DB,DC,DD,DE,DF E0,E1,E2,E3,E4,E5,E6,E7,E8,E9,EA,EB,EC,ED,EE,EF F0,F1,F2,F3,F4,F5,F6,F7,F8,F9,FA,FB,FC,FD,FE,FF So if the MAC Address (found on the bottom of the router) is: 3B:00:8F:39:F9:56 then 0:macaddr (same as MAC Address +2) would be: 3B:00:8F:39:F9:58 If the MAC Address (found on the bottom of the router) is: 3B:00:8F:39:F9:CF then 0:macaddr (same as MAC Address +2) would be: 3B:00:8F:39:F9.D1 Save as "new6400cfe.bin" 6. Run WinSCP.exe File protocol: SFTP Host name: 192.168.1.1 Port number: 22 Username/Password: root/admin and Login Upload the newly created CFE file "new6400cfe.bin" to the router. This is done by dragging the file from the left side to the right (make sure the right side is in the /tmp/root directory) Close WinSCP 7. Run Putty.exe Host name: 192.168.1.1 Port: 22 Connection type: SSH and Open login as: root password: admin To flash the CFE use the following commands: mtd unlock /dev/mtd0 mtd write –f /tmp/root/new6400cfe.bin /dev/mtd0 if mtd write –f /tmp/root/new6400cfe.bin /dev/mtd0 doesn't work try mtd –f write /tmp/root/new6400cfe.bin /dev/mtd0 Close Putty 8. Now that the new CFE is flashed the "recovery web interface" can be used to flash new firmwares. Hold the red "reset" button on the back of the router and power up the router, release it after about 15-20 seconds. Navigate to 192.168.1.1 and the "recovery web interface" should come up. Flash Tomato Firmware (this can take up to five minutes, check the ping for ttl=64 to see if it’s done.) When the flash is done it's time to reset NVRAM (hold the WPS button while powering on the router, hold it until the Linksys logo starts to flash or 15-20 seconds) Navigate to 192.168.1.1 and reset the router from within the firmware as well. Reboot router.