CFE bootloader update on Asus RT-N66U router

Discussion in 'Tomato Firmware' started by kthaddock, Oct 14, 2012.

  1. kthaddock

    kthaddock Network Guru Member

    This archive is for a CFE bootloader upgrade on Asus RT-N66U router from factory version to version
    The goal is to return CFE possibility to read variables from NVRAM which is lost while NVRAM been upgraded 64Кб in recent stock firmware releases.
    You need the PC with Linux for that.

    If you don't need restoration of the this possibility or you just don't know what it is, then better do not to touch the bootloader. Damaged CFE will bricks router! You should represent consequences of the actions and you should understand what you are doing in the update process because only you take responsibility for update success. Or fail[​IMG].

    That all.

  2. lefty

    lefty Networkin' Nut Member

    @ kthaddock : have you tried this on your RT-N66U?
  3. ryzhov_al

    ryzhov_al Addicted to LI Member

    kthaddock, please, update an instruction. Some code blocks (started with $) was corrupted by spell checker with unwanted spaces.
  4. kthaddock

    kthaddock Network Guru Member

    Sorry can't update, EDIT is removed if someone post after mine post. Can't delete neither.

    Toastman can you delete or update mine first post ?
  5. lefty

    lefty Networkin' Nut Member

    As i asked before, have you tried this on your RT-N66U? You give no indication in your posting here that this is something you have tried and it works...
  6. lefty

    lefty Networkin' Nut Member

    Also for the record, the edit and delete functions have nothing to do with some one posting after your post, it has to do with time that the post has spent on the forum, after some given time (around 20-30 minutes), you cannot edit or delete your post..
  7. ryzhov_al

    ryzhov_al Addicted to LI Member

    It's ok now. Thank you.
  8. kthaddock

    kthaddock Network Guru Member

    This was for F.Y.I and as you can see in my signature i don't own one.
  9. lefty

    lefty Networkin' Nut Member

    actually i don't see your signature... my settings are set not to show those. which is why i asked..had i seen your sig and seen you didn't own one, i wouldn't have asked.. :rolleyes:

    ok lemme ask this a different way, has anyone done this procedure and confirm it works? i would hate to think that this supposed CFE is from a newer model RT-N66U and won't work on the older ones, and to note the disclaimer is pretty vague.. i would go so far as to say have JTAG ready and know how to use jtag before attempting this. i am teetering on purchasing one of these units and it would be nice to know if this works, so far i see alot of postings and references to this, but not one person confirming that they have tried it and works..
  10. pharma

    pharma Network Guru Member

    For now, I think the best way to confirm if it works is to follow the SmallNetBuilder forum link provided above. There does seem some interest there as far as trying the procedure.
  11. lefty

    lefty Networkin' Nut Member

    Yes, its not only there, its here, dd-wrt forum etc. Lots of attempts, but no one confirming that they have actually done this, even the people creating the threads with the info cannot confirm if it works... and i am very suspect of this whole procedure, in the end, you don't end up with a 256k CFE, which is kinda scary, it just doesn't seem to compile a complete CFE. As i warned earlier, i wouldn't even attempt this procedure without knowing how to use jtag, just incase you have to do a whole flash restore (CFE+firmware) but yes, i'm seeing that the smallnetbuilder thread seems have the most activity.
  12. mstombs

    mstombs Network Guru Member

    AFAIK tomatousb doesn't have ability to write to bootloader mtdblock, so tomato cant be blamed for bricks? The procedure should specify exactly what firmware needs to be running - is it Rmerlins Asus rebuild?.

    I don't have a N66u, but have used a similar (but not the same) CFE write command from dd-wrt for the WRT54G-TM in the past. The instructions should ask you to "cross your fingers" and "pray" at this stage. The way flash works is that the whole erase block is first erased (reset to all 1s), then new values written, so if process is interrupted or power fails at crucial point you would have a brick, requiring JTAG.

    The source CFE is always 256kB because you dump the the 256kB mtd block, but I would prefer a "dd" command to "cat"!

    It is not unexpected that the resulting CFE is smaller after changing the default NVRAM vars, you should check with a hex editor that is only 1's of Hex FF bytes stripped from the end.

    You won't find out that the default NVRAM (containing MAC addresses etc) is OK until the CFE detects a blank or corrupt NVRAM and resets to default.

    NOTE: do not even attempt this procedure unless you need the fix it claims to provide!
  13. ryzhov_al

    ryzhov_al Addicted to LI Member

    Well, some guys already can confirm.

    I'm agreed with every mstombs word: you must understand what you doing.
    lefty likes this.
  14. fritsp1989

    fritsp1989 Serious Server Member

    Well i flashed it, and i can confirm this works.
    But i have to admit its a pain in the ass and its a big risk that you take, no matter how you will turn flashing CFE will always be a risky business.
    If you don't REALLY need it leave it alone, although i am not a Linux expert it took me a whole day to figure out how to do it the right way.
    lefty likes this.
  15. lefty

    lefty Networkin' Nut Member

    Hey guys, thanks for answering this, i been very curious about it and you guys probably just saved me from getting one of these as i don't see it as a total requirement. i de-brick alot of routers as a hobby of mine (serial and jtag), so i don't see this as something i wouldn't be able to do, just don't see the asus as something i need right now (maybe future) but i was mainly curious to know because once upon a time, i really liked Asus wireless products and its nice to know if in the future i need it, it would be there.
  16. xtacydima

    xtacydima LI Guru Member

    just curious, is there a revision log or a list of fixes or improvements in the new CFE?
  17. ryzhov_al

    ryzhov_al Addicted to LI Member

    No, because it was closed sourced, until Broadcom SDK 6.x release.
  18. mstombs

    mstombs Network Guru Member

    Are you saying "Broadcom SDK 6.x release" is or will be open source?

    Is the CFE source source in latest Asus GPL package complete and compilable? Any chance it would support RT-N16? Example default NVRAM file has interesting info on board setup, but

    # Bootloader version
  19. ryzhov_al

    ryzhov_al Addicted to LI Member

    A bit more compicated. A CFE cources opened in Broadcom SDK 6.x release, which used in AC66U, but in N66U code it remains closed. At least, we may refer to AC66U's CFE source code for now.

    I sold my RT-N16 last spring, so I do not want to advice those things, which i not tested on myself.

    Anyway, CFE is a hardware specific thing, for example, it must "know" how erase block aligned in current FLASH chip and so on. Please, don't try to install N66U's CFE to N16.

    Try a test-case from my README. A N16's CFE may be healthy one.

    BTW: RT-N16 can be quite overclocked, AC66U can, but N66U can't. Here is my comparisons.
  20. mstombs

    mstombs Network Guru Member

    Thanks - I won't be trying any CFE change in RT-N16 unless I get a working JTAG set-up!

    Latest Asus GPL release does contain recent patches to the CFE sources, and now default nvram includes

    # Bootloader version
    and does seem to have been used:-

    release/src-rt-6.x/cfe/build/broadcom/bcm947xx/compressed/Makefile:    ../../../../../../tools/nvserial -i cfez.bin -o cfe_rt-ac66u.bin -s 00 rt-ac66u_nvram.txt
    So maybe its just that tools folder that isn't included?

    and a CFE patch README says

  21. ryzhov_al

    ryzhov_al Addicted to LI Member

    Yes, src-rt-6.x is RT-AC66U only.
  22. menses

    menses LI Guru Member

    Surprised that so few people here have updated their CFE to the 64k aware version.
    Isn't this the long awaited final solution to the tedious NVRAM issue?
  23. ryzhov_al

    ryzhov_al Addicted to LI Member

    A bug fixed! Please, download archive again and repeat update.
  24. jakey

    jakey Networkin' Nut Member

    Is it true tomato blocks writing to the cfe partition ? Anyway to write back the modified cfe from tomato ?

    Thanks for any info
  25. jsmiddleton4

    jsmiddleton4 Network Guru Member

    What are we d/l and how are we updating?
  26. jsmiddleton4

    jsmiddleton4 Network Guru Member

    Got it.

    One question and I know, basic... But I'm not going to leave this to chance.

    How are you "moving" the file back and forth between router and hard drive? FTP client? Telnet command if if so what is the syntax?

    Updating process
    Update process includes following stages:
    • reading and saving the current CFE,
    • unpacking NVRAM factory settings from it (including unique MAC addresses of your router),
    • inserting unpacked NVRAM settings to the new CFE binary,
    • flashing new CFE bootloader.

    1. Reading of the current CFE.
    On a command line of a router do:

    $ cat /dev/mtd0 > ./cfe.original

    Then move ./cfe.original to PC to the same folder where contents of archive are unpacked.

    2. New CFE preparation.
    Process is automated, just run a script:

    $ ./ cfe.original

    where is a name choosen for a new CFE binary.

    3. Flashing new CFE.
    Place back to router and run:

    $ mtd-write -i -d pmon

    That all.
  27. jakey

    jakey Networkin' Nut Member

  28. jsmiddleton4

    jsmiddleton4 Network Guru Member

    I'm willing to try just about anything but the step by step instructions has to be written for folks that don't have a clue. There are step by steps that are written for people who already have some idea regarding each step. Then there are step by step instructions for people who need STEP BY STEP. I'm one of the later.

    Not going to try this thing at this time.

    Might just wait and take mine back after a new batch of the routers arrive at Fry's.
  29. ryzhov_al

    ryzhov_al Addicted to LI Member

    Now update can be done right on RT-N66U, no PC is needed!

    Can someone remove old instructions from the first post? It's really useless, need to place a link instead.

    As other users reports, yes. Looks like /dev/mtd0 is write-protected on Tomato, please do update on stock firmware or Merlin's mod.

    Yes, theMIROn rewrote functionality of Broadcom's nvserial proprietary tool, which allowed me to port all stuff to router.

    Sorry, but we can't shift our main resources to very detailed documentation (time! Some one borrow me a more time!), I hope most of developers understand me.
  30. jsmiddleton4

    jsmiddleton4 Network Guru Member

    "Sorry, but we can't shift our main resources to very detailed documentation (time! Some one borrow me a more time!), I hope most of developers understand me."

    I understand completely.

    I hope Asus addresses this thing.
  31. Lost_Animal

    Lost_Animal Addicted to LI Member

    Is a very Simple procedure and if you follow the instructions there is NO Risk except POWER LOSS during Upgrade Procedure.
    If you are on Tomato just extract your CFE.BIN and save it on your PC to have it as Backup just in case......
    Flash your router with Merlin's FW and proceed with the CFE upgrade.
    Remember to copy also the cfe.old & files from your router to a safe place using the WinSCP.

  32. Cyberian75

    Cyberian75 Network Guru Member

    I'm not able to flash back to Shibby's using the Firmware Restoration utility. Router just dies when I do.

    Please help.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice