After some background, this post includes pictures and instructions for the de-bricking process.
Why upgrade the firmware at all?
Without doubt, the best wifi solutions going are built with the Linksys WRT-54g and its kin (those other models by Belkin, Motorola, and others who use the Broadcom chipsets). Why? Because Linksys published firmware source for them and several groups have extended it. There are a ton of good choices for firmware for these things. Some key reasons to upgrade are:
- Increase the transmission power to the maximum supported by the chipset (from 21 mW up to 84 mW or in some cases 251 mW)
- Add custom software - these things give you a Linux file system and crontab
- Use the latest wifi security techniques
- Support WDS (repeater) mode
- Use advanced firewall, QoS, IPv6, and other features (including full IPTABLES in some cases)
IMPORTANT NOTE: This blog entry was from 2005! While I'm glad people still find it useful and come across it in searches, keep in mind that most of the hardware discussed is out of date at this point and has been replaced with new versions. It's unlikely you'll still be buying this gear in the same revisions. Also, nobody is likely to answer a question you post, because it only gets read by occasional search-engine based users now.
Is my wifi router compatible with the upgrades?
Many routers use the Broadcom chipsets. Most people upgrade the Linksys WRT-54G and its kin, but some other units are also compatible. If you're new to this, start at the Linksys Info Wiki and go from there. Do not buy a version 5 Linksys router. You can still find v2, v3, and v4 routers sitting on shelves in Radio Shack and other retail stores that tend to carry electronics but do not turn inventory on them too quickly. I picked up a v3 a few days ago and could have had a v2. You can tell the version from the serial numbers. If you have another vendor's products, here's a "Table of Compatibility" that will tell you if you can use the firmware upgrades. Here's a chart of known serial number prefixes to compare with the first four digits of your Linksys WRT-54g serial number:
* Version 5 cannot be upgraded as it uses a different base set of code!!!
Which firmware upgrade should I pick?
There are several good ones out there. Start at the Linksys Info Wiki and you can get quite a list. Here's a link which compares feature sets on the three most common. My experience has been that the Sveasoft versions are great, though the author does walk a very fine line in that he charges a nominal fee for access to the latest and greatest. There is no small amount of controversy over this. The Sveasoft "Talisman v1.1" release is their first to support the version 4 routers. Sveasoft is very full-featured, but if you're just using one router and want to juice the power a bit and get some benefits without all the very high end configurations, I really like the HyperWRT builds, which also support v4 routers now. These are based on the idea of staying as close as possible to the latest manufacturer source code, so updates are more frequent and the firmware tends to spend less time in beta getting the bugs out. If you want to do WDS (repeaters and multiple access points) you'll need to search for instructions using this release because it's not in the menu structure. It can be done, however. I tried the DD builds, which have a good reputation, but my v4 routers "bricked" when I tried to use them so I can't give you a real review of them.
So what is "Bricked" and how do I fix it?
Bricked is when your fancy piece of electronic kit becomes a worthless lump of plastic because the firmware has crashed and it won't boot. This usually happens only during an upgrade if you make the mistake of unplugging it or rebooting it halfway through -- or you download an incompatible firmware. Once you've upgraded and are running, I've never seen one brick.
There are a TON of unbricking instructions out there. They pretty much all end up boiling down to grounding out PIN 16 on the flash while powering up. I had to laugh when I started reading long discussions of where to get a ground to jumper. These brilliant people who figure so much stuff out don't seem to know anything about the hardware. The easiest place to get a good ground is the external shielding connector on the antenna mounts. That's a very big chunk of metal that is ALWAYS grounded because that's its job.
So, to unbrick, the idea is simply to boot the unit in a state where it doesn't believe it has valid firmware, so it goes into a state open to accepting a replacement. You do that by grounding PIN 16 with the unit unplugged. Keep pin 16 grounded while you plug in the unit, and you'll see the power LED go into a flashing pattern. Once in that state, it will accept a firmware upload.
1. Open the cover. There are no screws. I have found that the easiest way to open it without breaking is to first remove the antennas, then hold the unit upside down with the back of it facing you and the blue front piece facing away. While holding it by the gray/brown "body" press with both thumbs on the blue faceplate between the front feet. The whole blue part will come right off. Once that's done, you can pull the main board unit as a single piece out of the back body. You do not need to detach the main board from the bottom plastic.
2. Locate the flash chip. It says "Intel" on it and is rectangular with 25 thin leads extending from both short sides of the rectangle. See the picture below.
3. With the unit's LEDs facing you, you're interested in the pins on the left side. They are marked off in fives by small white marks. You're interested in pin 16. See the picture below.
4. As shown in the pictures below, use a pointed probe to ground pin 16 while powering on the unit. My experience has been that you won't likely break things if you ground the wrong one, but it's possible. Just don't mash all those traces together or you'll never get it to boot. Be gentle.
5. I've always seen it work pretty quickly. You start seeing the power LED flashing rhythmically. You may see all the other LEDs light up and stay lit until you've let go of the ground. That's ok. Let go of the ground and it should keep flashing.
Now you're ready to re-flash the unit.
1. Power off the unit.
2. Boot a Linux box on your network (or use a Knoppix boot Linux CD on your regular machine). If you don't have access to either of these, you are not a geek and should not be playing in this sandbox.
3. Plug a network cable from your linux box to the router (or plug the router onto your network). Use the LAN ports on the router, not the WAN port. Do not yet plug in the router.
4. When the router comes on, it will have the address 192.168.1.1. If you've left your private network on that same default subnet, you'd better plug the linux box directly into the router and not on your network.
5. Give your Linux box a secondary address on the 192.168.1.0 subnet. You can do this without breaking your existing connections. You'll need root access. If you don't have root access, you're in way over your head. Go play with Windows. Use the command: "/sbin/ifconfig eth0:1 192.168.1.10 netmask 255.255.255.0".
6. Make sure you have a valid firmware to upload. For this doc, we'll call it firmware.bin
7. Open a TFTP session to your router's address (the router is still off) and configure with these commands:
# tftp 192.168.1.1
> rexmt 1
> timeout 90
> put firmware.bin
8. You'll see the tftp session attempt to send packets. It will keep trying. Now plug in the router and it should (after a moment) start accepting packets.
9. You should see a bunch of packets sent and received with "ACK" messages. It won't take long. If you get errors, something went wrong. Here are some errors I've seen:
"Invalid password" --> You're not in tftp receive mode, you're getting a web prompt, or (maybe) the firmware isn't authorized for this unit (Sveasoft)
"incorrect pattern" --> firmware isn't supported for this chipset or is damaged
no response at all --> you haven't unbricked the router first.
10. Once you've sent all the packets, the light will still flash. DON'T TOUCH IT. It may take several minutes to reformat the flash and get ready for a first boot. How long is too long? Hard to say. If an hour goes by, you'll probably want to try again. Usually a few minutes is enough. It will depend on the firmware used. When you've got regular, solid lights, it's done.
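The exchange in steps 7 to 9, written out as an added example (not part of the original post): a small TFTP write client that keeps resending its request until the router answers, then sends the image block by block and reports any error string the router returns. The function name `tftp_put` and its parameters are this example's own; it sends in octet (binary) mode so the image bytes go over the wire unmodified.

```python
import socket
import struct
import time

WRQ, DATA, ACK, ERROR = 2, 3, 4, 5  # RFC 1350 opcodes
BLOCK = 512                         # RFC 1350 payload bytes per DATA packet


def tftp_put(host, image, name="firmware.bin", port=69, rexmt=1.0, timeout=90.0):
    """Upload `image` (bytes) in octet mode; return the count of DATA blocks ACKed.

    An unanswered packet is resent every `rexmt` seconds and the transfer is
    abandoned after `timeout` seconds of silence, like `rexmt 1` / `timeout 90`.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(rexmt)
    peer = (host, port)
    # Write request: this is what keeps being retried while the router is off.
    packet = struct.pack("!H", WRQ) + name.encode() + b"\0octet\0"
    block = offset = 0
    try:
        while True:
            deadline = time.monotonic() + timeout
            sock.sendto(packet, peer)
            while True:  # wait for the ACK that matches `block`
                try:
                    reply, addr = sock.recvfrom(516)
                except socket.timeout:
                    if time.monotonic() > deadline:
                        raise TimeoutError("no response: router not in receive mode?")
                    sock.sendto(packet, peer)  # retransmit, as rexmt does
                    continue
                if len(reply) < 4:
                    continue
                opcode, num = struct.unpack("!HH", reply[:4])
                if opcode == ERROR:  # e.g. the "incorrect pattern" message above
                    raise RuntimeError(reply[4:].rstrip(b"\0").decode(errors="replace"))
                if opcode == ACK and num == block & 0xFFFF:
                    peer = addr  # a server may answer from a new transfer port
                    break
            if block and len(packet) - 4 < BLOCK:
                return block  # the short final block was acknowledged
            block += 1
            chunk = image[offset:offset + BLOCK]
            offset += len(chunk)
            packet = struct.pack("!HH", DATA, block & 0xFFFF) + chunk
    finally:
        sock.close()
```

A `TimeoutError` here corresponds to the "no response at all" case in step 9, and a `RuntimeError` carries whatever error text the router sent back.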
Known Linksys WRT-54g serial number prefixes:
CDF0 = wrt54g v1.0
CDF1 = wrt54g v1.0
CDF2 = wrt54g v1.1
CDF3 = wrt54g v1.1
CDF5 = wrt54g v2.0
CDF7 = wrt54g v2.2
CDF8 = wrt54g v3.0
CDF9 = wrt54g v3.1
CDFA = wrt54g v4.0
CDFB = wrt54g v5.0