1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Guide: Flashing Linksys EA6300v1 and EA6400 with Tomato.

Discussion in 'Tomato Firmware' started by monoton, Nov 15, 2017.

  1. monoton

    monoton Connected Client Member

    Flashing Linksys EA6300v1 and EA6400 with Tomato.
    The EA6300v1 uses the same firmware as EA6400 since the routers are exactly the same.

    If anything goes wrong this can brick your router and I will not be held responsible if that happens. You're doing this at your own risk.

    For this router a different CFE needs to be flashed otherwise only 32k of NVRAM can be used and that is not enough but for the most basic setup. That means that it will not be possible to go back to Linksys stock firmware without the stock CFE.

    In this guide, instructions on how to backup stock CFE and how to revert back to Linksys stock firmware will NOT be covered. The reason for this is that I have never done it so I cannot verify if it’s working or not.
    But to be honest the stock Linksys firmware is nearly useless for any meaningful setup anyway.

    Pros when this is done:
    Can install 3rd party firmwares (without the 32k NVRAM bug)
    Can enter recovery mode (Hold the red “reset” button on the back of the router and power up the router, release it after about 15-20 seconds)
    Navigate to and the "recovery web interface" should come up.

    Files needed: https://my.pcloud.com/publink/show?code=kZNb807Z04GYcuqwyxY10A7Ypsd8YHj35b57
    Tools.7z (Contains: WinSCP, CFEEdit, Putty and TFTP
    linksys-EA6400-numinit-super-hacky-smaller-version.7z (A DD-WRT build used for SSH access)
    Tomato firmware of your choice.

    Reset the router (press and hold the red reset button until the power indicator flashes)

    Connect the PC to LAN port1 on the router.

    Give the PC a static IP:
    IP address:
    Subnet mask:
    Default gateway:

    Reconnect to make the settings take effect.

    Ping the router "ping -t" (ttl=64 usually means that the router is ready)

    Open a web browser and navigate to

    Skip the basic setup (check the "skip" box) and proceed to log in using "admin" as password.

    Flash the "linksys-EA6400-numinit-super-hacky-smaller-version.bin" firmware.

    If there’s an error saying the file is invalid this means the stock Linksys firmware is too new and can only flash firmwares signed by Linksys.

    In this case do the following: Go to Troubleshooting -> Diagnostics and click on "restore previous firmware", if it asks for a file then flash "linksys-EA6400-numinit-super-hacky-smaller-version.bin".

    If it doesn’t ask for a file the flash will have to be done with tftp.
    Reconnect the power to the router.
    Check if ttl=100 in the ping window.
    Use tftp with the following commands (this has to be done before ttl=100 dissapears):

    $ tftp
    tftp> connect
    tftp> binary
    tftp> put linksys-EA6400-numinit-super-hacky-smaller-version.bin
    Sent 22765568 bytes in 76.5 seconds
    tftp> quit

    Give the router about 5 minutes to process the firmware image.

    Go to again and DD-WRT should be there.

    If not:
    Navigate to Troubleshooting -> Diagnostics and restore previous firmware.

    DD-WRT should now boot.

    Once the flash has completed (this takes a couple of minutes) navigate to

    Set username/password to admin/admin.

    Navigate to the services tab and enable SSHd. Click Save at the bottom, then Apply Settings.

    Open "xvortex_cfe_ea6400.bin” with "CFEEdit.exe" and fill in:
    MAC Address (found on the bottom of the router)
    WPS Password (found on the bottom of the router)

    Go over to the Advanced Mode tab and fill in:
    0:macaddr (same as MAC Address +2)
    1:macaddr (same as MAC Address +4)

    The HEX sequence from 00H to FFH:

    So if the MAC Address (found on the bottom of the router) is:
    then 0:macaddr (same as MAC Address +2) would be:

    If the MAC Address (found on the bottom of the router) is:
    then 0:macaddr (same as MAC Address +2) would be:

    Save as "new6400cfe.bin"

    Run WinSCP.exe
    File protocol: SFTP
    Host name:
    Port number: 22
    Username/Password: root/admin
    and Login

    Upload the newly created CFE file "new6400cfe.bin" to the router.
    This is done by dragging the file from the left side to the right (make sure the right side is in the /tmp/root directory)
    Close WinSCP

    Run Putty.exe
    Host name:
    Port: 22
    Connection type: SSH
    and Open
    login as: root
    password: admin

    To flash the CFE use the following commands:
    mtd unlock /dev/mtd0
    mtd write –f /tmp/root/new6400cfe.bin /dev/mtd0

    if mtd write –f /tmp/root/new6400cfe.bin /dev/mtd0 doesn't work try
    mtd –f write /tmp/root/new6400cfe.bin /dev/mtd0
    Close Putty

    Now that the new CFE is flashed the "recovery web interface" can be used to flash new firmwares.
    Hold the red "reset" button on the back of the router and power up the router, release it after about 15-20 seconds.

    Navigate to and the "recovery web interface" should come up.

    Flash Tomato Firmware (this can take up to five minutes, check the ping for ttl=64 to see if it’s done.)

    When the flash is done it's time to reset NVRAM (hold the WPS button while powering on the router, hold it until the Linksys logo starts to flash or 15-20 seconds)

    Navigate to and reset the router from within the firmware as well.

    Reboot router.
    Last edited: Nov 19, 2017 at 4:10 AM

Share This Page