JTAG debrick, help for noob?

Discussion in 'Cisco/Linksys Wireless Routers' started by SteelersFANinMA, Dec 24, 2005.

  1. SteelersFANinMA

    SteelersFANinMA Network Guru Member

    Hi, I tried to overclock my router to 300 and I bricked it. I was successfull up to 264, (wrt was flying!)
    I've tried all the pin short/earthing/tftp methods without success. Power light is still blinking and I can't get a ping or access the router. I did build a JTAG cable, but now need help.

    I have the HairyDairyMaid debrick utility, read info. at wiki.openwrt.org and am now reading how_to_jtag-winxp.txt. The info. in HairyD... is sketchy at best for someone who doesn't know what they're doing and the info. from how_to_jtag... seems more complete, but written by someone who doesn't speak English well.

    Can someone please provide a link or give me some clear info. on how to debrick using a JTAG cable?
    Here is a piece of the how_to:

    download all files in: http://www.ranvik.net/prosjekter-privat/jtag_for_wrt54g_og_wrt54gs/xp%20files%20(working)/
    download the orginal fimreware from the ftp.linksys.com/pub/network/wrt54XXXXXXXXXXXX.zip is the filename.
    look at chip (on the wrt54g bord) and find the same nr on the flash file. its a difrent betwen .us and .eu , files end with ETSI=.eu
    WRT54GS_3.37.2_ETSI_code.bin = wrt54gs v1.1 (eu) test and it works.
    download the flash boot files from: http://lonewolf.hacker-nin.com/wrt/cfe/ (the file name must be CFE.BIN on disk)
    CFE.BIN on the web page is for wrt54gs v1.1 (eu)
    put all in same dir: like you se on the web page. eks: c:\wrt54gs
    dobbel klikk on SC.exe (1 time, no need to do it more, TURN OFF ALL VIRUS PROGRAMS!!!!)
    klikk: start -> run -> type CMD ->hit enter :)
    I seem to be doing OK until this point. I'm not sure much is happening from this point on:

    cd c:\wrt54gs
    her is the flash off the boot loader

    you have to be fast her :) press enter after 0,5sek after poweron the wrt54g and not after 2sek power on.

    wrtjtag.exe -erase:nvram (if you get error se below) (takes about 2-3min)

    you have to do the power on time betwen every time you use the wrtjtag.exe

    wrtjtag.exe -erase:kernel

    wrtjtag.exe -flash:cfe takes about 10-15min)

    Can anyone make sense of this or lead me in the right direction?
  2. vibe666

    vibe666 Network Guru Member

    jebus, sounds like you're having a hard time. I wish I could help, but I have a v2 wrt54g in the same boat (apart from the overclocking bit), but don't have a jtag cable. can you point me in the direction of where you found yours so I can build one and maybe see if I can unbrick mine??
  3. AliM

    AliM Network Guru Member

    All you have to do is erase nvram.
  4. SteelersFANinMA

    SteelersFANinMA Network Guru Member

    OK, I got a pointer from someone in the hyperwrt.org forums. It looks like I found my way, but I now get a Chip ID error when I try to erase the nvram. I either mixed up the wires or the female header connector didn't make connections to each wire on the ribbon cable.


    You can also go to the site below and get the .zip above plus more info. Use the .png picture so that you get the correct schematic for building the JTAG cable. The picture in the .pdf is for a female DB25 connector and not male as it should be for most.


    Here is another schematic not included in the above links that will help you build your JTAG cable:
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice