Random Tech

I flashed a wrong dd-wrt firmware on my WHR-HP-G300N -- I flashed WHR-G300N instead. Notice the two missing letters... Nothing prevented me to flash this image, but after reboot I only got a solid red led (DIAG). Trouble!

It's been quite "fun" to bring it back to life. Following several guides I was poking in the dark, trying to tftp a firmware without any information what was going on. Wireshark wouldn't give me any data either, like the router was completely dead.

After a looong while, I decided to crack the router open and wire a USB²SERIAL connection to it, a cheap Prolific PL2303HX stick and things started to unfold. Buffalo uses a u-boot bootloader which luckily writes and listens to this serial port. Wireshark still helped because at some point router was still refusing to flash anything. It turned out that router was returning a "Unsupport REGION" error which was not displayed by the linksys tftp client I used. Soooo, here is the procedure:

• Initial status: router shutdown, no cable plugged, PC wireless off
• Carefully open the router, identify 4 unsoldered pins on the PCB then identify GND using a multimeter. Pins next to it are RXD then TXD.
• Connect to the PC, use Putty or similar, configure as:
  • serial 115200 bauds, 8 bits, 1 stop bit, No parity, No flow control
  • open the correct COM port (COM3 in my case)
• power the router, if all is good the console will be full of invaluable information
• start pressing CTRL-C continuously until you get the U-boot prompt
• let's fix the region first (source)

setenv region EU
saveenv
reset

• router resets, let's go console again with CTRL-C and capture some info

printenv

• Write down
  • ethaddr (here 02-AA-BB-CC-DD-1C)
  • ipaddr (here 192.168.11.1)
  • serverip (here 192.168.11.2)
• Now force the following network properties on the physical network card of the PC
  • IP Address = serverip from earlier (192.168.11.2)
  • force the address resolution of ipaddr to ethaddr MAC address

arp -s 192.168.11.1 02-aa-bb-cc-dd-1c

• Launch linksys tftp client
  • Enter server ipaddr (192.168.11.1)
  • Choose the CORRECT firmware
    • must be buffalo-to-dd-wrt_webflash-MULTI.bin
    • i.e. encrypted image like you would flash from original buffalo firmware to ddwrt firmware
• Reset the router (and quickly run the arp command again, for some reason I had to run the command each time I reset the router)
• When the tftp "time window" appears, launch the upgrade. You have only 4 seconds to launch the upgrade:

tftp server(receive) go, waiting:4 sec

• If you can't get the good timeframe, it might be because of PC network card not initializing fast enough. Using a 10/100/1000 switch will help as the network connection remains up even when the router is down.

Sources:

• Recovering a bricked buffalo airstation n450
• Bricked WHR-HP-G300N after flash firmware
  • Buffalo WZR-HP-G300NH # Debricking Info
  • of course use the proper file for your router and not the one in the guide, so download the buffalo_to_ddwrt.bin for the whr-hp-g300n
  • in step 2, instead of using that MAC, use this one: 02:aa:bb:cc:dd:1c