NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

gilsanx's avatar
gilsanx
Follower
May 30, 2022

Recover a bricked netgear R7000 through serial interface and tftp

Situation description:

 

Updated Nighthawk R7000 to DD-WRT and then WRT-Merlin

FW update went wrong, so the router got bricked.

 

Connected via UART and it got stuck in this loop

[249 watchdog:btn_check +20] button RESET pressed
You can release RESET button now!
[249 watchdog:btn_check +20] button RESET pressed
You can release RESET button now!
[249 watchdog:btn_check +20] button RESET pressed
You can release RESET button now!
[249 watchdog:btn_check +20] button RESET pressed
You can release RESET button now!

 

 

Middle steps and resources:

 

Serial interface

Follow the steps in this link to get into the serial interface. If the solution there doesn't work, then repeat the steps but DO NOT start the tftpd server.

 

In my case, when I connected the serial cable to the router, it didn't start. The lights flashed and stayed bright but never went off.

to solve it, I left the GND cable, turned on the router and after the first blink of the lights, I immediatelly connected the TX and RX cables.

 

In the putty window (or whatever serial client you are using), I started pressing CTRL+C

et0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 6.37.15.1 (r407936)
et1: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 6.37.15.1 (r407936)
CPU type 0x0: 1000MHz
Tot mem: 262144 KBytes

Device eth0: hwaddr 60-AA-7C-69-B9-B5, ipaddr 192.168.1.1, mask 255.255.255.0
gateway not set, nameserver not set
Startup canceled
CFE> ^C
CFE> ^C
CFE>

Serial recovery

From this link, you can get some of the commands to debrick the router.

Here is another resource.

They will be used later

 

Hex Editor

If you need to edit a firmware file, you can get an editor from here.

 

Solution:

If previous tftpd attempts have not solved your problem, then you can attempt to use "flash" command instead.

Same as explained in this thread, use a hex editor and open the Netgear fw.

Delete the first bytes until the first bytes read as 'HDR0'

Prepare your tftp client to send the Netgear fw that you have just edited

Get into the CFE command line

run these commands

 

nvram erase [hit enter]

nvram commit [hit enter]

flash -noheader : flash0.trx [DO NOT hit enter]

 

Important - You must be fast, that's why you had to prepare the tftp client

Hit enter on the putty console, and as soon as you receive this respone "Reading ::", switch to your tftp client and send the fw to your router

 

If everything goes well, you will receive a message like this in about 2-3 minutes

CFE> flash -noheader : flash0.trx
Reading :: Done. 29904896 bytes read
Programming...done. 29904896 bytes written
*** command status = 0

 

Now execute 'go' and wait for the router to boot

No RepliesBe the first to reply