Hi, I have a Netgear D6200 ADSL modem / router, which I recently unbricked after a failed firmware upgrade. I posted what I did below for anyone with the same issue, including my original post which was in the wrong forum. I'm looking to backup the whole flash, if possible, just like if I were to solder to it and hook it to my EEPROM programmer, and dump it. I've done this a few times, but this being a surface mount I am not really looking to do so. Now that I have the serial console working, I was also wondering if anyone knew the command to open port 23. It appears "telnetd" is running, but it refuses connections VIA telnet. I don't want it accessible from the WAN side however, as this would be a huge security concern. I was wondering if anyone knows how to backup the whole flash image (including CFE), other than trying to solder to the NAND chip (it's a TSOP48 SMD, that would be fun even with Kynar, and then my EEPROM programmer tries to power the whole board through the Vcc pin obviously unless I remove the chip or cut the trace). If I could back the whole thing up, this would help me fix it if it were ever hard-bricked. Any ideas? I can do a CFE> dm, however it does output like this: CFE> ll� �� �dm 0xb0000000 0x0000ffff b0000000: 636220b0 fffffffe 00000000 00000001 cb ............. like an ASCII output of a HEX dump. Also, I don't know where the START address of the flash is (says 0xB80000000, boot is 0xB82000000, but I've had it dump part of the flash then do some repeating info ffeffeff stuff like that, or 66000000 08ffffff... random binary stuff. Anyway, if anyone knows the START address of the beginning of the flash, let me know that would be useful. Also, if I could upload it via TFTP whatever that would be even better. On a comtrend router I have, there's actually a 'backup-wholeflash.htm' in the /www folder that allows me to save it. I recently had trouble with my Netgear D6200 being bricked after the 1.00.30 update (using the auto-update feature), however I was able to resolve the problem. I soldered up a pin header to J6, and hooked up my USB-to-TTL converter, and was able to get it to the Netgear HTTP recovery (which happens to be 192.168.0.1 - set your IP to the same subnet like 192.168.0.100 if you have problems). For all interested, here's the original post and what I did: https://community.netgear.com/t5/Wireless-N-Routers/D6200-ADSL-Firmware-Bricked-using-Web-upgrade/m-... For anyone wanting the a serial console, the settings are: 115200 Baud, 8 Bits, No Parity, 1 Stop Bit, No Flow Control Pinout (Header J3): > |GND| |Rx| |Vcc| |Tx| (3.3v - Use a USB-to-TTL or RS232 to TTL, or build your own using the MAX232 chip) Pin 1: Ground Pin 2: Rx (From PC) Pin 3: Vcc (3.3v) Pin 4: Tx (From PC) Please note: Power on the router after starting your favorite terminal emulator. You may find that you need to hit "enter" a split second after powering the router on, if you get to the CFE> prompt and don't want to, type "reset" and hit "enter", or power off and try again. If you want to see what you can do in the CFE, type "help" (I don't recommend messing with the CFE if you don't know what it does, as it can FUBAR your router - I don't know if there's a JTAG solution)
